similar to: [slightly OT] Calculating subnets

Ok, I give up. I tried, really hard, before asking but I must be the most stupid shorewall user on the planet :( My laptop runs a single eth0 interface and knows Net and Firewall as zones and the default "inbound" policies are Net->Any DROP and >ny->Any REJECT. Now at home I have my trusted 192.168.174.240/29 subnet which hosts my very trusted 192.168.174.242 host and I

Perhaps someone can help me understand why this is happening. I''m trying to write a script using ''shorewall iprange'' to parse some ip ranges into subnets so that i can place them into the blocklist. I keep getting an error when i run the script though. Here is the script: #!/bin/csh foreach i (`cat ipranges`) shorewall iprange $i >>

I would like to add a rule allowing only the address 192.168.150.20 and the range of addresses from 192.169.150.100 to 192.168.150.150 in zone dmz0 to connect to two terminal servers in the local zone. Is there a syntax that can specify a range of addresses in the rules file? Do I have to enter each one separately? -- Stephen Carville Unix and Network Adminstrator DPSI 6033 W.Century Blvd.

Hi, in shorewall version 3.4.8 used this rule to block access to Facebook through port 443 (https): /shorewall/rules: REJECT loc net:69.171.224.12, 69.171.224.0/19,69.63.176.0/20,66.220.144.0/20 tcp 443 What I did was block the public IP network segment to fitthrough https. Now I use this same rule in version 4.4 and I works already. Has anything changed in this

http://bugzilla.netfilter.org/show_bug.cgi?id=639 Summary: iptables iprange Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: blocker Priority: P1 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: paulo.santos at

Hi, I have the following problem while activating this rule entry using shorewall-shell: ACCEPT:notice:rul WAN:139.x.x.226 INT:139.x.x.153-139.x.x.156 udp 1024:65535 1024:65535 "-m iprange" in front of "--dst-range" is missing in the activation command. The logging entry (above) is set correct. Below is the debug output. Thanks Regards Günter + case $level in +

Hi, could you tell me the correctly syntax to lists any ip adresses. For example: EXT1=192.168.111.239 192.168.215.40 and so on. Must there be a ";" or a blank ? Regards Michael Menkhoff Vote for Kerry

Dear All, I try to upgrade, my old shorewall from 4.4.13-3 to 4.5.2.3-1 on CentOS, after upgrade i can''t start shorewall with this message: "/Shorewall: Address Ranges require the Multiple Match capability in your kernel and iptables/" I try to search on the net about this, but no still no light. Somebody can help me? Great appreciate for any help. Regards,

Hello all, It''s my first letter on this list, and, my English is not very well. Please take me indulgence for grammar/syntax and over erorrs :)) I have trouble for acl''s of ip range. But, acl for one host (with ip adress) work fine. Please help me for make work acl/find erorr in acl. Becouse I''m new shorewall user, I maked test configuration on Virtual Mashine

http://bugzilla.netfilter.org/show_bug.cgi?id=711 Summary: iptables -m iprange causes unknown error Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: ip_tables (kernel) AssignedTo: netfilter-buglog at

Hello, when deploying drivers via Point-and-Print recent Windows (tested with Windows 10 1607) asks the user to confirm the driver installation. An appropriate Policy [1] is set up so that no user interaction should be required for the driver installation. There are similar reports [2,3] that identify updates KB3163912, KB3172985 and KB3170455 causing these issues. However, Windows 10 1607

Hai Mard ans Tomas, Just out of interest and maybe this helps also for bug 12761. Are you still able to test this on a VM? Can you try my samba 4.6.8 package. That one contains a patch for printer driver problems. This bug report. https://bugzilla.samba.org/show_bug.cgi?id=12761 ( reported my Marc itself. ) Its more about the 32bit driver upload and delete of drivers, but who knows, i

Ihave the following line in the rules list: .

Dear all, after putting up a bridge to be used as a firewall with the following configuration: linux 2.6.4-52-smp kernel bridge-utils 0.9.6-121 Bridge is setup standard with 2 NIC's and STP off. I noticed a strange behaviour; when connecting from an outside machine with the same iprange as the inside machines (a.b.xxx.xxx) I could connect. When trying the same from a non-local

I have a three tinc server setup, similar to "4.3 How Connections Work" using the configuration mostly likehttp://ostolc.org/site-to-site-vpn-with-tinc.html The clients (Ubuntus, Debians and Windows 10s) can all ping (and SSH) to each other remotely. As far as that is concerned it's working great - thanks so much for some great software. However, on each of the Tinc servers (A and

Hi I know I still need to learn a lot about firewalls so if I''ve missed some doc I should have read don''t hesitate to point it out to me. I have set up shorewall on my desktop and my laptop and everything appears to be working fine but now I''d like to allow certain services (like shh, rsync, unison, http) between these two PC''s. My LAN looks like this:

I can use DSMARK to mark on the Egress side. Is there a way to mark/change the DSCP value of an incoming packet on the ingress side? Thanks. Jon Flechsenhaar Boeing WNW Team Network Services (714)-762-1231 202-E7

Guys, i know i saw this somewhere but i cant seem to locate that info now... Scenario: ............... I have a simple two interface firewall. The firewall machine also provides some services to the LAN and to the NET. What i would like to do is allow only a particular range of IPs frm the internet to access those services. What do i need to do with my ''rules'' file. Ideally

Hello, I am having troubles with the following configuration in that it produces the following errors: *Masterserver:* On the server (yea, I know) side is a Linux machine called "*masterserver*". It should have a VPN IP of 192.168.2.1 and it sits behind a pretty generic ADSL Router (with port 655 forwarded) which can be found via a dynamic host address. A small snippet of errors this

Dear Centos-Virt: This is actually a second request for help on the same issue. I finally got to try what several months ago was replayed to me and no joy was to be had. I am afraid the original thread got stale and also had extra, unnecessary data in it. Guest=XP Pro, SP2 Host=CentOS5; # uname -r; 2.6.18-8.1.15.el5 VirtualBox-1.5.0_24069_rhel5-2.i586.rpm