Displaying 20 results from an estimated 40000 matches similar to: "upgrading issue - start up not showing rules"
2004 Jan 13
7
Shorewall 1.4.9
Shorewall 1.4.9 is now available.
http://shorewall.net/pub/shorewall/shorewall-1.4.9
ftp://shorewall.net/pub/shorewall/shorewall-1.4.9
Unless something urgent comes up, this will be the last release of Shorewall
1.x.
Release notes are attached.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \
2005 Mar 01
5
[Not Subscribed] Two-Interface sample file version - 2.0.1
Hello,
I've "emerged" Shorewall 2.0.7 onto my Gentoo pc. Going through the 2
interface quickstart guide I download the 2.0.1 interface sample and untar
it.
"tar -zxvf two-interfaces.tgz"
Maybe a dumb question but I can't find anything on Google or the Shorewall
mail archives that say anything about this. So I'm assuming it's me. :P
But the
2003 Aug 19
7
[Fwd: Re: Shorewall 1.4.6: common chain rules are applied before policyrules?]
Thank you for your support.
The next question: Is there a kind of common chain applied before
ACCEPT policy? I want to DROP or REJECT Netbios traffic on most
interfaces but do not want to repeat those rules in the rules file.
Thanks,
Boi
-----Forwarded message-----
> From: Tom Eastep <tmeastep@hotmail.com>
> To: Le.Hong.Boi@sg.netnam.vn
> Subject: Re: Shorewall 1.4.6: common
2005 Apr 16
6
wishlist: 'none' as source address in rules
Hi,
I plug my laptop in different networks and use the following hack to
configure automatically shorewall for trusted/untrusted networks:
In /etc/shorewall/params:
# none is a dummy zone associated to the loopback interface
NONE="none:0.0.0.0"
# Network scheme, automatically detected by intuitively
NETWORK_SCHEME="$(cat /etc/network/scheme 2>/dev/null)"
case
2004 Aug 17
4
Wild cards in "shorewall add" command
Hi
I am looking at converting a Linux terminal server box to iptables
using Shorewall 2.0. (At the moment it uses ipchains).
The server currently has scripts which are called as each user logs
in which run a series of "ipchains" commands to set the access
rights for that user (and again to cancel them when the user logs
out). My plan is to replace these scripts with ones that call
2004 Jun 15
5
Shorewall 2.0.3 RC1
http://shorewall.net/pub/shorewall/Beta
ftp://shorewall.net/pub/shorewall/Beta
This is Beta 1 plus fixes to the problems reported by Michael Van Damme
and Jochen Schlick.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2002 Nov 12
3
'all' in rules file
I have implemented the ability to specify 'all' in the SOURCE and
DESTINATION columns of the rules file and I'm not sure I like the result.
The code is in CVS if any of you are interested in giving it a try. If you
do try it, please let me know what you think.
If you specify 'all' in those columns it must not be qualified (may not be
followed by
2005 Mar 10
7
upgrade question
Hi,
I've upgraded my shorewall version from 2.0 to 2.2.1 using the .tgz
I followed the instructions for upgrade
and got a warning when running shorewall check
on /usr/share/shorewall/action.DROP and action.Reject using "dropNonSyn"
while that has changed to DropNotSyn.
I manually copied over action.DROP from the source tree.
Question: Are there more files to check? Even
2006 Apr 26
2
How can set ORIGINAL DEST in rules?
I want SMTP requests from the internet to address 202.1.2.3 to be forwarded to 192.168.1.109, so I set ORIGINAL DEST to 202.1.2.3, but when I restart it shows an error:
iptables v1.2.11: invalid TCP port/service `210.0.214.212' specified
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/sbin/iptables -A net2loc -p tcp
2004 Sep 19
2
Time-based rules
Hi! I'd like to know how to set up shorewall to deny a user-defined
action on a time-based basis, for example, I have a group of users
using MSN, AOL, www and https, in a defined action called
action.BasicAccess now, I want this access to be enabled only on
lunch time from Monday through Friday and weekends from noon to
6pm... I know
2004 Nov 25
5
newnotsyn responsible for sporadic delays?
Has anyone encountered a situation where packets dropped by the
newnotsyn chain can result in sporadic browsing problems, slowness, and
even timeouts?
I noticed that of the 3300 hits for newnotsyn in our current log (6 hours
worth), over 2700 of them were to/from our proxy servers. And browsing
through them, most *appear* to be otherwise valid packets from remote
web servers that would have
2004 Dec 16
12
A question on rules simplification
[newbie question]
Before using Shorewall I used to manually write some very short iptables
rules which were probably much poorer than what this Shorewall gem does
but I could "follow" them very easily.
Now reading the output of iptables -L gives me a terrible headache.
Is there some tool that graphs the rules in order to "see" them better?
For instance I was experiencing
2007 Jun 27
3
Adding custom iptables rules to shorewall
Hi,
I'm trying to add the following iptables rules to shorewall:
iptables -I INPUT -d 192.168.1.1
iptables -I OUTPUT -s 192.168.1.1
What should I put in my custom action or anywhere else?
I need these rules for munin accounting.
iptables -L INPUT -v -n -x
Chain INPUT (policy DROP 5 packets, 260 bytes)
pkts bytes target prot opt in out source
destination
7175
2004 Jun 28
6
URGENT: Shorewall Security Vulnerability
Javier Fernández-Sanguino Peña has discovered an exploitable
vulnerability in the way that Shorewall handles temporary files and
directories. The vulnerability can allow a non-root user to cause
arbitrary files on the system to be overwritten. LEAF Bering and Bering
uClibc users are generally not at risk due to the fact that LEAF boxes
do not typically allow logins by non-root users.
For 2.0
2005 Feb 02
6
Need help with Shorewall
I am using debian sarge. I want to block all incoming requests except
DNS (port 53) and allow all outgoing traffic. I did a apt-get
shorewall. When I start shorewall, I cannot even ping to any external
site. I am a newbie and difficult to follow the online guide. Can
anyone please help me.
Thanks !
2005 Feb 08
2
Adding custom iptables rules
Hello,
I've been using shorewall ever since Mandrake started shipping it, and
am passably familiar with the config files and the simple setups.
Recently I've discovered the "recent" module (no pun intended!) and want
to setup a few rules that use this module. I searched all through the
shorewall site (including
2003 Dec 09
2
Shorewall 1.4.9 news discrepancy
From the shorewall 1.4.9 Beta 1 News:
#Start section 4
4.
Support for user defined rule ACTIONS has been implemented through two
new files:
/etc/shorewall/actions - used to list the user-defined ACTIONS.
/etc/shorewall/action.template - For each user defined <action>, copy
this file to /etc/shorewall/action.<action> and add the appropriate
# here it says to copy the template
# to
2002 Aug 07
2
Re: [Shorewall-users] Common Rules
John,
I'm taking the liberty of copying the Shorewall Development list since I
believe that these issues will be of interest.
On Tue, 6 Aug 2002, Links at Momsview wrote:
> Tom,
> I'm not sure if you ever saw this document but it describes some of the
> reasons you are seeing strange packets
> after setting up NEW not SYN
>
2005 May 25
5
State rules placement
Hi all,
I have seen Shorewall places the state verification rules (-m state
--state ESTABLISHED,RELATED) as the first rule in a zone2zone chain.
This means that state checking is done after all the rules involving
from this zone to this zone. As you could have a lot of them, won't it be
better to place them just after checking the state is not invalid? This
will mean a lot of packages will be
2005 Jan 24
2
Migrate rules from iptables to shorewall - SNAT
Hi all,
I've been using Shorewall for one year (1.4, then 2.0)
I'm trying to migrate a linux firewall from iptables rules to shorewall.
The firewall has three zones
- net internet
- loc1 lan
- loc2 second lan
I have a lot of rules like this, to SNAT the ip addresses of some
computers on loc1 (192.168.16.0/24) when they connect to loc2 (10.0.0.0/8)
iptables -v -t nat -I