Displaying 20 results from an estimated 6000 matches similar to: "Adding dynamically more than one host at once?"
2004 Nov 27
16
bridge and dynamically adding hosts to zones
Hi,
I've set up a bridge which connects two parts of the same subnet with
each other.
I've set up everything as described in the Documentation and it works
very nicely.
However: I have a problem with adding hosts to zones dynamically.
The zone I want to add hosts to is called 'work'.
Since only the bridge br0 is defined in /etc/shorewall/interfaces
2005 May 29
12
access deny host (ip) to access the Internet
I'm using shorewall 2.0.x at home as an Internet gateway for family.
However my brother always plays online games overnight, so my parents
asked whether I can do something on the gateway to control the time of
accessing the Internet.
I planned to put a script on crontab to schedule which it will execute
say at 12:00 night daily, the script will execute a command will deny
my brother
2009 May 29
5
CONNMARK target and connmark match support in Ubuntu kernel
Hi,
as per the shorewall MultiISP documentation ( http://www1.shorewall.net/MultiISP.html
), it says
"Use of this feature requires that your kernel and iptables include
CONNMARK target and connmark match support (Warning: Standard Debian™
and Ubuntu™ kernels are lacking that support!)."
it means MultiISP won't work properly if I am using Ubuntu server. if
yes what's the
2004 Nov 06
2
Upgrade from Hell
For those of you running SuSE 9.1, I do not recommend upgrading to 9.2
at this time.
Refer to http://shorewall.net/myfiles.htm for information on my
configuration:
a) On Ursa:
1) After the upgrade, both of the NICs were recognized as "configured"
in YAST yet neither of them would start; ifup claimed that no
configuration could be found for either interface. Only got them running
2004 Feb 13
6
Error: Rate Limiting only available with ACCEPT, DNAT[-], REDIRECT[-] and LOG
I think it would be nice to be able to rate limit an action, too..
suppose I have an action named Accept_good_source :
ACCEPT - - tcp - 1024:65535
ACCEPT - - udp - 1024:65535
and that I want to use it in an action called AllowCVS,
I can't limit the cvs usage, but only the general use of
Accept_good_source...
same goes for userset...
as each rule will give one iptables command,
I
2004 Aug 17
4
Wild cards in "shorewall add" command
Hi
I am looking at converting a Linux terminal server box to iptables
using Shorewall 2.0. (At the moment it uses ipchains).
The server currently has scripts which are called as each user logs
in which run a series of "ipchains" commands to set the access
rights for that user (and again to cancel them when the user logs
out). My plan is to replace these scripts with ones that call
2005 Jan 13
6
Shorewall Web Site mirrored in Italy
Lorenzo Martignoni at Università degli Studi di Milano in Milan has
established a mirror of the Shorewall web site.
http://italy.shorewall.net
http://cert-it.dico.unimi.it/shorewall
Thanks Lorenzo!
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \
2003 Jan 15
5
HTB. QoS and Shorewall
Group,
I am reading about tc (traffic control) and willing to get my feet wet. As requirement, there should be HTB compiled in the kernel. I grabbed a Mandrake 8.2 distro, and didn't install the kernel source.
Anyone knows if the HTB is compiled in Mandrake 8.2, or point a way to find that out? I tried to read the /usr/src/kernel.xxxxx/.config file, but it doesn't exist.
2005 Feb 12
4
Is it possible to do "shorewall reject 1.1.1.1 tcp 25"
Hello,
Is it possible to do "shorewall reject 1.1.1.1 tcp 25" ?
So I can dynamically blacklist offensive smtp senders, but only have
shorewall reject certain types (smtp) traffic from them?
Thanks,
Alex Martin
http://www.rettc.com
2004 Sep 29
12
SPF screening implemented at shorewall.net
Over the past weekend, I added SPF screening on the MTA at
shorewall.net. SPF is a mechanism for a domain to use DNS to publish a
list of those IP addresses that are used to send legitimate email from
that domain. A receiving MTA can use that published information to
determine if email from a domain is being sent through an MTA belonging
to that
2004 Oct 01
4
Re: Error: Your kernel and/or iptables does not not support policy match: ipsec
claas@rootdir.de wrote:
> Hello,
>
>
> I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running,
> but I still have a problem:
>
> Validating hosts file...
> Error: Your kernel and/or iptables does not not support policy match: ipsec
>
> I had a look for netfilter patch-o-matic, but I did not find the
2005 May 18
3
odd line in current CVS for firewall
From a diff of my current shorewall firewall script with the new one
from the CVS today :
$ diff -w /usr/share/shorewall/firewall /usr/src/shorewall/s/firewall
[...]
673c910
< for network in $networks; do
---
> for networks in $networks; do
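Review bot: On the new line 910, the loop variable is named `networks`, the same name as the list being expanded in `$networks`. The word list is expanded once before the loop starts, so the iteration itself still runs, but each pass overwrites `networks` with a single element, and any `$network` reference in the loop body is no longer set by this loop. Keep the old line 673 form, `for network in $networks; do`.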
I don't think that "for networks in $networks" works well.
--
-IAN! Ian! D. Allen Ottawa, Ontario,
2005 Apr 03
6
v1.2/DNAT
Some probably wish v1.2.12-2 out of Debian Woody would just go away, but it's
what I'm using and really don't wish to upgrade at this time (but will
eventually). My needs are rather simple and I'm sure it can handle the job.
I've read and re-read the FAQs and searched extensively for docs on what my
problem might be, but just cannot put my finger
2004 May 03
1
Fix for 'firewall' script on shorewall delete
Hello,
I am using "shorewall add" and "shorewall delete" for dynamically
adding and removing users to VPN chains when connecting to a VPN
gateway.
But 'shorewall delete' has a little problem to delete the correct
rules.
When issuing "shorewall delete iface:host zone", shorewall
tries to execute rules like:
iptables -D source_chain -s host1 -o
2009 Jan 06
9
Test
Given that a 4-day silence on this list is almost unprecedented, thought
I had better send a test post. Apologies for the spam.
2005 Feb 24
2
Re: 2.2 shorewall installation fails on suse 9.2
Laurent Moix wrote:
> Hi,
>
> I try to install shorewall 2.2 on suse 9.2.
>
> # rpm -ivh --nodeps /root/shorewall-2.2.1-1.noarch.rpm
> Preparing... ########################################### [100%]
> 1:shorewall ########################################### [100%]
> shorewall: unknown service
> shorewall: not a runlevel service
>
>
2004 Dec 05
2
host list in /etc/shorewall/hosts: interface ignored
Hi,
the new function 'shorewall show zones' in 2.2.0-Beta showed a thing
which is (in my view) either a bug or not documented.
If I have a line in /etc/shorewall/hosts which reads
work br0:eth0:192.168.2.10,192.168.2.11,192.168.2.12
then "show zones" has the output
work
br0:eth0:192.168.2.10
br0:192.168.2.11
br0:192.168.2.12
That is, the
2005 Mar 09
13
Ways to get around DNS names in rules
I''m re-reading the section on dns names in the shorewall docs:
"I personally recommend strongly against using DNS names in
Shorewall configuration files. If you use DNS names and you
are called out of bed at 2:00AM because Shorewall won't start
as a result of DNS problems then don't say that you were not
forewarned."
Having been stung by this a few times
2008 Oct 20
1
[Fwd: Question]
I am forwarding this post to the Shorewall Users mailing list. The email
address 'support@shorewall.net' is reserved for sending large or
confidential attachments to the Shorewall support team.
See http://www.shorewall.net/support.htm
-Tom
-------- Original Message --------
Subject: Question
Date: Mon, 20 Oct 2008 11:30:04 +0000
From: Raul <rfunez@polar.es>
To:
2006 Jan 28
3
Shorewall/Xen setup (correct from-address this time)
(if this post gets line-feed-mangled please read
http://www.dl.reneschmidt.de/shorewallxenpost.txt - that's an unmangled
version, thank you)
Hello,
first I would like to thank Mr. Eastep and contributors for this great piece
of software and superb documentation.
I have a SOHO server (Debian testing) that I'm using for several purposes so
I've set up a Xen