similar to: Dropping established connections

I''m using shorewall 2.0.x at home as an Internet gateway for family. However my brother always plays online games overnight, so my parents asked whether I can do something on the gateway to control the time of accessing the Internet. I planned to put a script on crontab to schedule which it will execute say at 12:00 night daily, the script will execute a command will deny my brother

hi all, i have a classic net topology with two local zone, a firewall/router with dsl connection loc1 (192.168.11.0/24) ----- fw ----- net loc2 (192.168.12.0/24) now on the local zone 1 (on a WinXP machine) i have installed OpenVPN 2.x to make a test connection with a company. OpenVPN is configured as client to use tun on udp port 10000 with ip 10.0.0.2, on the other

I have a lan with shorewall running as firewall and two local machines, where 10.1.1.2 and 10.1.1.15 are two internal mail servers and where 124.124.124.124 and 123.123.123.123 are the external IPs for the mail servers. The two mail servers need to communicate with each other via smtp (for sending mail from domains hosted on one to the other) but its giving issues. Specificaly when one server

I have problem with my shorewall. We are now doing some stress test with a http application behind the shorewall. Firstly we send 10.000 requests to a http based application with no firewall. It can received 100% requests. But when we put shorewall in front of it then it stats to loose requests. Is there any packet limitation from shorewall all it''s about conntrack? Thanks for the reply.

Hello Tom and all, Quick question: Is it possible to operate an OpenVPN server from behind a firewall? Is it as simple as setting it up and placing: DNAT net loc:192.168.10.20 udp 5000 - ipaddress -- Paul Slinski -o) Network Administrator /\ Global IQX, Inc. _\_v Global IQX is the leader in integrated e-business automation solutions for the group life and health insurance

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

Hello, Today I restarted the firewall machine during an outage of the ADSL line overhere. At the boot Shorewall did not start but stopped during start. The problem was that the ADSL line was down so no DNS server available to resolve hostnames. I have a hostname in "blacklist" file and therefore shorewall did not start. Is this problem solvable without putting an IP address in the

On Sat, 2003-10-11 at 08:45, nomail@yahoo.com wrote: This is the last time I will put up with your forged from address. I found your post in my Spam folder and any further posts with a forged yahoo.com from address will stay in that folder! > it seems shorewall does not opitmize > the iptables rules for bigblacklist > and it slow down my lan > how to make it first check if it as

Hello, I want not to log some dropped packets going from net to fw, i.e. to exclude some ports. For example, I get lots of denied SPT=4672 DPT=7476 packets in /var/log/messages. I know I can probably do this by using ulog or some other logging system and writing some rules to exclude "SPT=4672", but is it possible for shorewall not to log some ports? Sorry if it is obvious, but I

Hi There, Due to shortage computer, I need to install Apache to my Shorewall box (192.168.1.1) But the real web server is on another box (192.168.1.2) I tried to put rule: DNAT net loc:192.168.168.1 tcp 80 But everytime www connection coming in, it will hit my shorewall Any solution? Cheer Access Yahoo!7 Mail on your mobile. Anytime. Anywhere. Show me how:

A non-text attachment was scrubbed... Name: Joke.cpl Type: application/octet-stream Size: 0 bytes Desc: not available Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20041004/b2efa4e8/Joke.obj

Hi, Sorry, not an experienced shorewall user, this is my first basic setup. This starts to drive me crazy. I wanted to use DNAT to forward port 33890 to an internal machine (windows) port 3389. To reach my workstation when I''m not home. In my rules : DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add #SECTION BLACKLIST #well known port scans DROP net

Hi People, what files is processed first?, balcklist or rules, i want to globally filter imesh, but at the same time allow managers to connect, i.e. , imesh work on port 1214, i have this: /etc/shorewall/blacklist #ADDRESS/SUBNET PROTOCOL PORT 192.168.0.0/16 tcp 1214 192.168.0.0/16 udp 1214

-- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Hi I am using verion 2.0.10 of Shorewall. My configuration is as follows: Eth1 dmz1 ------------| __________ | | | Eth2 dmz2 | FIREWALL |------| INTERNET | ----------| | _______ | |__________| | |---------| |

Hi All, I have just upgraded to 1.2.5 of shorewall, and thought I would switch on the blacklisting feature. All seemed well, I had the log level set to debug...to try it out (like you do)..no problems... But when I removed the debug i.e. in shorewall.conf BLACKLIST_LOGLEVEL= instead of BLACKLIST_LOGLEVEL=debug I get .the usual init stuff..then Setting up Blacklisting...

Hello, I have the following situation : Server with 2 nics 1 nics connected to the internet, 1 connected to the LAN I have OpenVPN running on the system and the following setting in the tunnels file : =================================== openvpn:2000 net 62.58.0.226 openvpn:2001 net 62.58.0.226 openvpn:2002 net 62.58.0.226 =================================== All tunnels ran for weeks

Hi folks, As you''ve no doubt noticed incoming spam recently massively increased. This has overloaded our current server (24.74.9.226) which does HTTP, SMTP, POP and IMAP. To help cope with this, I''ve put up a second server (24.74.9.225) which will be the mail server, leaving the original server to just be a web server. Can I use shorewall on the first machine (version

As i can see, if i use Shorewall tools for blocking client traffic ('blacklist' file, 'shorewall drop') it has effect only for new connections but existed don't blocks. Can i with Shorewall stop ALL traffic for definite clients? Alex ----------- IRR.BY ('Из рук в руки – Онлайн') – крупнейший в Беларуси сайт частных объявлений. http://irr.by

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH