similar to: New User on FC3

Harald Welte just announced that the 2.6 Kernels will not support the ''unclean'' match extension except via Patch-O-Matic. Since I have a polciy of not supporting Netfilter features that are only available in P-O-M, I will be removing the ''logunclean'' and ''dropunclean'' interface options from Shorewall. In 1.4.7, a warning will be issued if

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hello, If I set my network interface to have "logunclean" along with "dhcp,norfc1918,routefilter,noping,tcpflags", then when I connect to http://welcome.hp.com/country/us/eng/support.htm and choose any of the product I get this. logpkt:LOG:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00 SRC=192.151.11.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=239 ID=14025

Shorewall 1.3.4 is available: 1. A new /etc/shorewall/routestopped file has been added. This file is intended to eventually replace the routestopped option in the /etc/shorewall/interface and /etc/ shorewall/hosts files. This new file makes remote firewall administration easier by allowing any IP or subnet to be enabled while Shorewall is stopped. 2. An /etc/shorewall/stopped

I am a newbie to linux and shorewall. I am reading the shoreall quickstart guides. I am a bit confused about the following statement: ----------- quote -------------- The firewall has two network interfaces. Where Internet connectivity is through a cable or DSL "Modem", the External Interface will be the ethernet adapter that is connected to that "Modem" (e.g., eth0) unless you

What version of shorewall do you suggest I try on a FC3 system? TIA, /ChJ

I installed Shorewall 2.2.2 on a vanilla install of Fedora FC3 I have not udated the kernel yet. After some fault finding I went back to the 2 interface example configuration files for 2.2.2. In shorewall.conf I have to specify the path for IPTABLES="/sbin". If I leave this commented out then shorewall reports that it cannot find iptables. When I have this line in shorewall will

http://shorewall.net/pub/shorewall/Snapshots ftp://shorewall.net/pub/shorewall/Snapshots Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command.

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

Hi, I''m having problems with new Shorewall installation on Fedora Core 3 (had same problem with Core 2 and upgrade did not help even iptables was upgraded from 1.2.9 to 1.2.11). I''ve followed two nic example, but starting Shorewall drops all connections and don''t permit any outgoing requests, even with "all allowed" policy. Policy file is below. Current setup

Beginning with Shorewall 2.2.0, I am no longer going to maintain the Errata web page (http://shorewall.net/errata.htm). Rather, each version''s download directory will contain: a) A ''known_problems.txt'' file. This file will list all confirmed problems and any corrections or workarounds available. You will notice that the ''known problems'' file for the

Dear all: Im using shorewall 2.0.3a (debian) w/ ULOG. shorewall starts ok, and the firewall is running, but nothing is printed on the logs. I try, for example, to do a connection to a port that is opened on the server but closed by the FW and I get a connection refused. If I stop the firewall, this port is accesible from the outside. I think I''ve followed all the steps on

Hello, Has anyone had any luck compiling Alexander''s QOS script on a vanilla FC3 or FC2 box? I just cant seem to get the darn thing to port right. Regards, Bryan _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0 and 1.3.1. In both versions, where an interface option appears on multiple interfaces, the option may only be applied to the first interface on which it appears. A corrected firewall script for 1.3.1 is available at: http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall and

Dear All, I think I have a useful idea for how shorewall startup could be speeded up in a more automatic manner. Apologies if this is daft, but I think it might work.... Motivation: not all users understand the intricacies of shoreall beyond using the distro setup tool. [And on this particular laptop, shorewall takes 15 seconds during boot.] I have already read this (about shorewall

Hiya. I am currently usiong Shorewall 1.4.8 on my Mandrake box. I want to look at upgrading it to the Latest build of shorewall. Is there anything I need to look out for before doing this ? Is there a FAQ as to the easiest way or doers it upgrade ok following the usual Upgrade via RPM instructions. cheers in advance. _________________________________________________________________

Hi, I am running Gentoo 1.4, with the 2.4.19 vanilla kernel, and merged shorewall-1.3.9b. I have dropunclean set on eth0 in /etc/shorewall/interfaces. I double checked that I compiled "Unclean match support (EXPERIMENTAL)" into the kernel, but I still get "modprobe: Can''t locate module ipt_unclean" logged when I run ''shorewall status''. Does it

I have what strikes me as an odd problem with shorewall. Let me describe my setup. My desktop (alfred) is connected to the network through an ADSL modem. I am running rp-pppoe, and this works perfectly. I have a small home network, with two LANs; an Ethernet LAN (including a machine running Windows XP), and a WiFi LAN, including the laptop (william) I am using now. All the computers except for

The current CVS version (/Shorewall project) contains a redesigned IP accounting facility. The new facility is: a) Much simpler. :-) b) More flexible. :-) c) Compatible with bw-acct. :-) c) Incompatible with the previous implementation :-( There''s a new Accounting Page available at: http://shorewall.net/AccountingNew.html On top of Snapshot 20030813: a) Move the

Hello, I''ve "emerged" Shorewall 2.0.7 onto my Gentoo pc. Going through the 2 interface quickstart guide I download the 2.0.1 interface sample and untar it. "tar -zxvf two-interfaces.tgz" Maybe a dumb question but I can''t find anything on Google or the Shorewall mail archives that say anything about this. So I''m assuming its me. :P But the