similar to: tcrules question

Displaying 20 results from an estimated 40000 matches similar to: "tcrules question"

2005 Feb 18
7
$FW in tcrules
Hi Folks, I'm a new user to Shorewall, it came installed on the redWall firewall that I am using and I'm really happy with both projects! Thanks for all your work on it! I have a question about tcrules and $FW. I'm doing source policy routing and need to be able to add an output rule to the mangle chain with a source that is a specific network, not 0.0.0.0/0. It
2005 Jan 26
11
Question on tcrules implementation
Hi all, I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being observed. The only way I can set the marks is by editing the tcstart file. Is there a way to incorporate for tcstart to read and apply my set marks in tcrules? Thank you, ~Andrew Nady.
2004 Jan 20
6
[PATCH] Marking packets according to user in tcrules
Hi, First of all, thanks to all shorewall developers. Shorewall is really great. Here is a patch to add the following feature : This patch allows you to mark packets according to the user name under which the program generating output is running. To do so, the patch will allow you to write rules in the tcrules file looking like that : #MARK SOURCE DEST PROTO PORT(S) CLIENT USER #
2004 Sep 30
5
tcrules for proto "all" still not working in 2.0.9
I have just installed shorewall 2.0.9, having spent a day and a half tracking down why my tcrules wasn't working properly in 2.0.8. I didn't see the announcement of 2.0.9 because it didn't go to -announce. Anyway I have 2.0.9 now (the package from Debian incoming) and the problem is still there. My tcrules file says: 1 0.0.0.0/0 0.0.0.0/0 tcp 22 1 0.0.0.0/0 0.0.0.0/0
2003 Oct 15
4
tcrules ignored? wondershaper integration?
Hi, first of all, let me thank you for your great Shoreline Firewall. I use it with great success at home (protecting my WiFi connection). And now if I could have a question about traffic shaping. I did read everything I could find but I still have two problems: first, the MARK from tcrules is not working in HTB based simple tc filter line ("handle $MARK fw classid 1:20"). If I switch
2004 Nov 24
14
traffic shaping on ftp server don't work
Having studied a number of documents on linux traffic shaper, I started to set up my shaping rules in my network. My linux box is running RH AS3 U3, shorewall 2.0.9. It is using PPPoE connected to the Internet firewall: eth0: connect to the adsl modem eth1: private net ppp0: virtual dial up interface for pppoe There is a ftp server on the private net It is listening on port 21 and configured
2005 Feb 23
13
Snort and Shorewall
Hello I am looking for a way to have snort dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Also I would like to know if there is a way to clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish
2005 Feb 23
9
shorewall friendly way of limiting ssh brute force attacks?
I was wondering if anyone had implemented rules like this in shorewall: http://blog.andrew.net.au/tech I see tons of brute force attempts on the machines I administer, and I like the idea of limiting them without the need for extra daemons scanning for attacks. Thanks, Dale -- Dale E. Martin - dale@the-martins.org http://the-martins.org/~dmartin
2004 Aug 07
11
Traffic shaping?
Ok, shaping on Linux is new to me.. so bear with me if I am just stupid. curtain:/etc/shorewall# grep TC shorewall.conf | grep -v ^# TCP_FLAGS_LOG_LEVEL=info TC_ENABLED=Yes CLEAR_TC=Yes TCP_FLAGS_DISPOSITION=DROP curtain:/etc/shorewall# So it should be enabled, right? ---- tcrules ---- 1 eth0 0.0.0.0/0 all 2 eth1 0.0.0.0/0 all 2 eth2 0.0.0.0/0
2006 May 07
3
bandwidth limitation in passive mode
Hello. I'm using an ftp server in passive mode using ports 30000-50000 and I have a question: how can I limit bandwidth using shorewall for multiple ports? Is it possible? Can someone send me an example? Thanks Wilson
2005 Feb 16
6
Re: Bandwith Control with a firewall/bridge
>Miguel Ángel Domínguez Durán wrote: >> Hello again, >> First, excuse me for my poor English. >> I'm trying now to make bandwidth control in a firewall machine running >> Shorewall. This machine is also a bridge using bridge-utils >> bridge-utils-devel. It is a mandrake 10. The configuration is something >> like >> this: >> >>
2007 Jan 25
4
":T" flags in 3.4.0-RC1
I am trying to apply the new :T flag in tcrules. The man page for this file [1] says that if SOURCE is $FW then rules are applied in OUTPUT. This doesn't seem to work on my setup. I have in tcrules : ------------------------------------------------------------------------ RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE:T 0.0.0.0/0 0.0.0.0/0
2007 Apr 18
12
multiple providers and tcrules without highmarks
I was previously using multiple providers on my "real linux" gateway which had a kernel that supported high marks and I was policy routing in tcrules. I've now moved to openwrt where their kernel apparently does not have high marks. I want to continue to be able to have multiple providers and a) policy route between them and b) be able to set marks for other things like
2004 Dec 14
4
fwmark
How can I check whether packets are being marked as per my tcrules file? 4 0.0.0.0/0 202.37.230.93 udp 500 4 fw 0.0.0.0/0 udp 500 Also, can someone confirm what ports are needed to be opened for ipsec? 1701,1723,47,500 ??? P.
2007 Aug 15
28
traffic shaping
I am trying to set up traffic shaping with Shorewall-4.0.2 and it fails. When I start Shorewall with tc-files configured I get the following messages: ... RTNETLINK answers: No such file or directory We have an error talking to the kernel ERROR: Command "tc filter add dev eth2 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 500kbit burst 10k drop flowid :1" Failed
2005 Jan 30
20
FTP Transparent Proxy from Local To Net Through DMZ
Dear All, Linux Kernel 2.4.20-8 Running Shorewall 2.2.0 ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:48:54:53:82:45 brd ff:ff:ff:ff:ff:ff inet 62.68.254.178/28 brd
2003 Oct 21
14
Prioritizing traffic
I don't know whether this is the right place to ask, but kindly point me to an FM that I can R if it isn't. My wife is creating lots of Kazaa traffic, and I am using rsync to create a full mirror of Red Hat's FTP site, Aurora Linux FTP site, the LDP site, and some other stuff. Clearly, when one is moving well over 100GB over a 128 Kbps link, this is going to take a
2006 Jan 13
3
IPP2P & Marking Connections
I have two (interconnected) questions: First of all, I'm trying to use IPP2P to classify my P2P traffic and give it a lower network priority. I've already successfully built IPP2P into iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but it's confusing me. Using the documentation for normal tcrules in 3.0
2004 Dec 18
14
Traffic Control
So after reading the traffic control documentation at shorewall.net I am a little confused. I don't understand how to use the tcrules file. What I would ideally like to do is setup htb on a per user basis (either by IP or MAC address). If anybody has any hints on the best way to do this or is willing to explain the use of tcrules file a little better (how I could mark it per IP or MAC)
2004 Aug 17
16
Sanity check please !
I am setting up a shorewall system with 4 NICs as per the outline specification below. Can anyone please have a look and let me know what I have missed and what I have got wrong as I want to take this system live ASAP but do not want to kill internet access and the hosting for too long ! I have listed below the system outline & have attached the config files that I have changed, if