similar to: does shorewall support more advance features of netfilter ?

http://bugzilla.netfilter.org/show_bug.cgi?id=591 Summary: NAT REDIRECT target does not always work Product: netfilter/iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P1 Component: NAT AssignedTo: laforge at netfilter.org

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=87 Summary: 'iplimit' match is misnamed, should be 'tcplimit' Product: netfilter/iptables Version: linux-2.4.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: unknown AssignedTo:

Dear All Is shorewall able to open selectively a port for a specific program and not to all programs installed? If so, where from can one get the appropriate documentation? Thanks in advance, Paul

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Thank you for your support. The next question: Is there a kind of common chain applied before ACCEPT policy? I want to DROP or REJECT Netbios traffic on most interfaces but do not want to repeat those rules in the rules file. Thanks, Boi -----Th?ng ?i?p chuy?n ti?p----- > From: Tom Eastep <tmeastep@hotmail.com> > To: Le.Hong.Boi@sg.netnam.vn > Subject: Re: Shorewall 1.4.6: common

Hello! We''re using Shorewall 1.4.2 and running into an interesting problem when we try to enable logging of traffic that netfilter classifies as "related" to an existing connection: there doesn''t seem to be a way to do it. Places where we''ve run into this problem are: (1) Attempting to log individual active or passive FTP data connections separately from

In the docs at http://www.shorewall.net/Shorewall-perl.html, "Your ipsets must be loaded before Shorewall starts. You are free to try to do that with the following code in /etc/shorewall/start" implies that code in /etc/shorewall/start is executed BEFORE Shorewall starts. In the default /etc/shorewall/start # /etc/shorewall/start # # Add commands below that you want to be

I thought of creating an htb class for each user, but as you said I haven''t got enough bw to do soo. That’s why my setup only has 5 classes with WRR queues so I get sure each user doesn’t affects the other users. On top of that I have an iplimit to a maximum of 15 parallel connections per user. So I get the following conclusions: A) change link B) upgrade to kernel 2.6 and use l7

hi, there is no support for patch-o-matic netfilter modules. what i have to do if i want to use several patch-o-matic modules? which parts of code has to be changed and will that changed be included into the main shorewall tree in future or not? best regards claus

Hello, I''m a very happy user of shorewall but I have found a problem or maybe a misconfiguration I made which I can not resolve. I use a fairly large blacklist based on probes, nimda & codered attacks, proxy & relay probes etc. The only problem is that I want to block incoming trafic on all ports FROM a block but it does also block a httpd, ping etc TO a ip in a block what I do

Just a FYI: OpenSSH-2.9.9p2 compiles just fine on Irix 6.5.13, using the MIPSPro-7.3 compiler (gcc-3.0 creates a binary that gives funny log messages), linking against the freeware OpenSSL package from freeware.sgi.com No PAM, but anyway... This is how i did it: bash-2.04# export CC=cc bash-2.04# ./configure --prefix=/usr/local/openssh \ --with-ldflags=-L/usr/freeware/lib32 \

Hi All! Been quite a few years and lots of water under the bridge but here I am back! I have a customer that has now decided they need a bit more bandwidth over and above their fixed line! They are not in a good area for ADSL because of copper theft and being a bit to far from the closest DSLAM! They have installed a wireless link and I have made certain that put it behind my simple iptables

How do I allow traceroute to reach my server? Pings work fine but traceroute stops at the last hop before my server. If I shut off the firewall it reaches it fine. PING danicar.net (24.222.246.120): 56 data bytes 64 bytes from 24.222.246.120: icmp_seq=0 ttl=237 time=104.0 ms 64 bytes from 24.222.246.120: icmp_seq=1 ttl=237 time=74.9 ms 64 bytes from 24.222.246.120: icmp_seq=2 ttl=237 time=90.6

First let me say that I am not subscribed to the list, so please send me a copy of any replies. I have been using Shorewall for years as the firewall for my LAN. It has been awhile since I played Starcraft and hosted games. Back then I was using the 2.2 kernel with the loose_udp patch and no firewall. All worked fine. I stopped playing Starcraft a while back and later upgraded my kernel to 2.6

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=50 Summary: Kernel panic with netfilter Product: netfilter/iptables Version: patch-o-matic Platform: i386 OS/Version: All Status: NEW Severity: normal Priority: P2 Component: unknown AssignedTo: laforge@netfilter.org

hi list, oh it''s not really a problem. Each time i fire shorewall, i run a custom iptables script: (for the openvpn machines to have route back from my bridge/fw - $SOURCEIP is the ip of my OpenVPN/Fw/bridge) iptables -A POSTROUTING -t nat -s 10.8.0.0/16 -j SNAT --to-source $SOURCEIP i wish to better integrate it within shorewall, so is there any config files that could achieve the

Good Morning Mike, I''m finding that when I load a document, XXE is blindly removing all "superfluous" white space from "programlisting" elements. This of course is leading to a real mess (check out the FAQ on the web site :-( ). What can I do to avoid this? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=87 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-04-28 08:25 ------- The misnomer is true. I

Hey gang, I was wondering if all that documentation could or has been put into PDF format. I usually like to download documentation and read it while I''m sitting comfortably at home and I don''t want to tie up the phone line all night. Thanks, Nino p.s. If so, please feel free to attach the PDF formatted document to my e-mail ;-)

Everyone, Progress was slow today. I started out well, but then I ran into Documentation.htm. Progress slowed considerably, as I analyzed the document structure. I''m up to /etc/shorewall/hosts Configuration. I hope to finish Documentation.xml by tomorrow evening. Converted documents: 6to4.xml CorpNetwork.xml FAQ.xml Please post feedback, if you see any problems with the converted