similar to: I''m off the list for a couple of days

What speaks for it and which speaks against it that Firewall and squid run on the same machine? Regards Menki ------------------------------------------------------- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more

I''ve just put in production a Linux firewall with 4 ethernet interfaces and 3 openvpn tun virtual interfaces. With Shorewall everything work like a charm (only a little hassle with some details, due to bad configuration, not bugs!) Great tool! Tom and other Shorewall developers, you all are great! Bye (and sorry for my bad english) -- Paolo Basenghi - Centro elaborazione dati

This is a bug-fix roll-up. Problems corrected since 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The "shorewall stop" command is now disabled when

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there interest in ipp2p support in Shorewall? While the ipp2p code is not part of the standard kernel.org distributions, my experience is that it is very easy to install and I would be willing to provide support for it if there is interest. See http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html for information about ipp2p. - -Tom - -- Tom

I have been asked to assume the role of Architect for a large project here at HP and I have accepted. While this is an important step forward for my career, it is a step backward for Shorewall in as much as the time that I will be able to devote to Shorewall in the foreseeable future will be be very limited. So while I will attempt to keep on top of problems, Shorewall 2.0 will have to be put

hi have a little problem of configuration I have a network with a server (192.168.0.1) and other pc one is 192.168.0.20 i want to reject all output from 192.168.0.20 for port 4000 (tcp and udp) i want accept incoming packet on port 4000 but reject outgoing packet on port 4000 so could you give me a solution please ? thank you PS : I hope you undersatnd waht I want because im frecnh and my

Hi all! I have got a vpn connection set up using FreeSwan and shorewall. Everything works fine but I want to add another subnet to the whole. This means that 1 box will get two net-to-net connections. I want to limit the services on one subnet however. Cuurently I have defined a vpn zone for the current connection and allow all vpn<->loc traffic. How would I go about in tightening the

I''m trying to implement something similar the the diagram in section 9.5.2.1 in the LARTC HOWTO, but must have missed something somewhere :( I''m trying to hack up wondershaper, as it looked like a good place to start.. Here''s where I currently at, but I''ve tried alot of different things, all failing, some worse than others. The end result is to throttle back 126

Hi, I noticed shorewall''s accounting feature didn''t support the owner module of iptables. Well, I needed the feature so here''s a patch that makes it possible. However, there''s one thing you might review carefully as I wasn''t sure what''s the best way to work around it. You must use chain OUTPUT in order to make -m owner work (iptables

I''m attempting to setup Squid as shown on: http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat 7.2 on the server in the DMZ. I''m not seeing the requests come in to the server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the firewall, the local traffic I''m trying to

Hello, I want to test Shorewall''s IPsec feature. It requires patched netfilter (and kernel but that''s another story). I didn''t want to replace my distribution''s iptables package with my own compilation so I installed it to another prefix. Now Shoreall uses the iptables command found first in $PATH. I don''t think this is the most elegant way. I

I will be off of the lists until Monday evening (GMT -0800) at the earliest. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net

... are they possible?, or better yet: Are they enhacements at all? First, make it possible to use the vars defined in the params file usable in the policy and shorewall.conf also. Second, make it possible to specify a pseudo log level like NULL, SWNULL (SW by Shorewall) or an appropiate name that would have the same effect as not specifying a log level at all. These modifications together

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking

Until further notice, I will not be involved in Shorewall development or support. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As I pointed out to Wilson in a private message, this appears to show that no other connection requests (other than port 3000) are being sent from the client to the server (or at least no other connection requests are being received by the Shorewall box). Wilson: Are you sure that the client is supposed to open port 3001 on the server and not the

Lorenzo Martignoni at Univesita` degli Studi di Milano in Milan has established a mirror of the Shorewall web site. http://italy.shorewall.net http://cert-it.dico.unimi.it/shorewall Thanks Lorenzo! -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

In my SuSE updates this morning, I found "Bug fixes for i810/Radeon graphics drivers"... -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key