similar to: Re: [Shorewall-newbies] Re: Shorewall-newbies Digest; Problems with blacklist and nat !

Return-Path: <viuwier@wp.pl> X-Original-To: shorewall-announce@lists.shorewall.net Delivered-To: shorewall-announce@lists.shorewall.net Received: from smtp.wp.pl (smtp.wp.pl [212.77.101.160]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.shorewall.net (Postfix) with ESMTP id E3D8F33DB3 for

First off, I want to say that everyone on this list is great. So heres what I want to do..I have a maclist setup with all my users (roughly 400). There are constantly people leaving (deleting their accounts which removes their MAC address) and registering for internet access ( I have a php webserver that registers them, adds them to the maclist, and allows them on the net). Is there a way to

Thanks a lot , Everythings is working now. Quoting Alex Martin <alex@rettc.com>: > > > At this point point ip addr show: > > 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue > > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > > inet 127.0.0.1/8 scope host lo > > 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000

Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=info interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 217.96.90.242 noping loc eth0 255.255.255.0 routestopped,maclistmaclist: maclist: #INTERFACE MAC IP

Hi, I want to automate some of the maclist and rule functionality: User connects to the network and gets a DHCP address from the shorewall box. Using squid and redirection, all the user can do is go to a login page on the firewall User logs in correctly to the form on the webpage and a process captures MAC and IP address info from the dhcpd.leases file Once authenticated, a maclist entry and an

Good post Alex, I agree that all the talk of Wiki and FAQ''s are getting off topic from what the main problem is... Tom dealing with questions already answered in the faq. The documentation there is already very good. I also think that shorewall-newbies is probably not the best way to go. The idea of shorewall-developers (Tom and those that want to be included) and Shorewall-Users (NOT Tom

Hi, I''ve migrated my tc configuration from CBQ to HTB. One problem appeared. Htb seems to miscalculate the bandwidth for classes with greater rates. For rates below 2Mbit there is almost no difference between the configured and the measured rate. For large ones the problem starts. My root class has 10Mbit rate and when the interface has heavy trafic the measured bandwidth

Hello, I have been maintaining, well watching, no real maintenance yet, the shorewall wiki (http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ) and though its evolution is slow, there is definitely evolution. Maybe it will become useful yet. I looked at this recent post: http://wiki.rettc.com/wiki.phtml?title=Talk:Port_Forwarding Here someone has requested help for Kazaa. I am sure this

Hello, Mike Noyes and myself have populated http://wiki.rettc.com with the shorewall FAQ. This wiki is running MediaWiki, http://www.mediawiki.org. Currently, a couple items are not complete. I have just begun a heavy semester of mathematics/physics studies, and do not have much time to give to this. But, it is online, and seems to be stable. I will keep an eye out for abuse, and limit

Hi, I have a few problems with my shorewall configuration. First of all, the option maclist seems no to be recognized. I have this: ghostwheel /etc/shorewall # cat interfaces | grep -v ''^#'' - eth1 detect dhcp,tcpflags,routefilter loc eth0 detect tcpflags,maclist When I look at shorewall-init.log, I found out:

Hy, sorry for my poor english i think i''m having a very unusual problem and very dificult to track, but i''ll try to explain it as best as i can. here is my scenario: a firewall/bridge composed of 3 ethernet devices and 1 virtual one. my bridge (br0 ) is composed of eth0, eth1 and tap0 br0:eth0 is my connection to my router (200.244.92.1) br0:eth1 is my connection to my

Hi: According to http://www.shorewall.net/Documentation.htm#Interfaces there is one recommendation for internal interface but wireless Wireless Interface -- maclist,routefilter,tcpflags,detectnets,nosmurfs a recommendation for wired internal interface?(100 win32 clients) I use tcpflags,detectnets thanks

hi there. There are approx. 400-500 users in our network and we plan to insert all their MAC addresses into maclist and bind them together with IP address. My question is whether shorewall is able to process that much of MAC addresses without slowing the the network speed performance? thanks for your time. __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new

> Yes -- just leave the setting of MACLIST_DISPOSITION=REJECT and any request > from interfaces with the ''maclist'' option will be rejected if there isn''t a > match found in the maclist file. I have wrote some IP''s and MAC''s from my network, for example : #INTERFACE MAC IP ADDRESSES (Optional)

http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3 Problems Corrected: 1) If a zone is defined in /etc/shorewall/hosts using <interface>:!<network> in the HOSTS column then startup errors occur on "shorewall [re]start". 2) Previously, if "shorewall status" was run on a system whose kernel lacked

Hello guys, Is there any way to match a render :nothing? I coudn''t find any way to do this so i''ve just changed my controllers to do a "head :ok", but it would be nice to know if there is any other way :) -- Maur?cio Linhares http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/ (en) Jo?o Pessoa, PB, +55 83 8867-7208

Happy New Year, everyone. With the new year, comes a new major version of Shorewall. The reasons for opening a new version are: 1. The packaging and dependencies have changed in this release. 2. There are minor migration issues. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E

Happy New Year, everyone. With the new year, comes a new major version of Shorewall. The reasons for opening a new version are: 1. The packaging and dependencies have changed in this release. 2. There are minor migration issues. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E

It is working very good :) Thank You. I only need to write Interface etho in maclist file. My MAC addresses don''t neet the ~ in front of. Thanks ! Maciek -- ---- Oferta jakiej jeszcze nie by³o! Serwer www 60 MB za 99 z³ rocznie Szczegó³y: www.oferta.alpha.pl ----

Hello, Is is possible to do "shorewall reject 1.1.1.1 tcp 25" ? So I can dynamically blacklist offensive smtp senders, but only have shorewall reject certain types (smtp) traffic from them? Thanks, Alex Martin http://www.rettc.com