Displaying 20 results from an estimated 12000 matches similar to: "Re: Performance problems with bigblacklist"
2004 May 26
13
Dropping established connections
Hello,
I have searched the list but couldn't find the right answer. I want to
drop an established DNAT connection but could not manage it yet.
Someone earlier said to bring down the public interfaces, stop
shorewall, bring up the public interface and then start shorewall again
but this won't work.
I also saw a message from Tom that someone then should unload all
iptables
2005 May 29
12
access deny host (ip) to access the Internet
I'm using shorewall 2.0.x at home as an Internet gateway for family.
However my brother always plays online games overnight, so my parents
asked whether I can do something on the gateway to control the time of
accessing the Internet.
I planned to put a script on crontab to schedule which it will execute
say at 12:00 night daily, the script will execute a command will deny
my brother
2005 May 08
4
not logging some ports?
Hello,
I want not to log some dropped packets going from net to fw, i.e. to
exclude some ports. For example, I get lots of denied SPT=4672 DPT=7476
packets in /var/log/messages. I know I can probably do this by using ulog
or some other logging system and writing some rules to exclude "SPT=4672",
but is it possible for shorewall not to log some ports? Sorry if it is obvious,
but I
2010 May 04
7
Packet Not 100% Received
I have a problem with my shorewall. We are now doing some stress tests with an http application behind the shorewall. Firstly we send 10.000 requests to an http based application with no firewall. It can receive 100% of the requests. But when we put shorewall in front of it then it starts to lose requests. Is there any packet limitation from shorewall all it's about conntrack? Thanks for the reply.
2004 Dec 21
6
DB for blacklisting thought
Hello all,
I'm new to the list. But have been using Shorewall on and off for
over a year now. The one thing that got me hooked on staying with
Shorewall, was the extensive and useful documentation.
Great Job!
I see also that over use of blacklisting is time consuming for restarts,
refresh and it also means the kernel spends more time checking incoming
packets.
The following is from:
2002 Feb 07
5
Blacklist problems - iptables v1.2.4: Unknown arg '--log-level'
Hi All,
I have just upgraded to 1.2.5 of shorewall, and thought I would switch on
the blacklisting feature.
All seemed well, I had the log level set to debug...to try it out (like
you do)..no problems...
But when I removed the debug
i.e. in shorewall.conf BLACKLIST_LOGLEVEL= instead of
BLACKLIST_LOGLEVEL=debug
I get .the usual init stuff..then
Setting up Blacklisting...
2007 Dec 03
1
blocking
As I can see, if I use Shorewall tools for blocking client
traffic ('blacklist' file, 'shorewall drop') it has effect only
for new connections, but existing ones are not blocked. Can I, with Shorewall,
stop ALL traffic for definite clients?
Alex
2019 Aug 30
2
RFC: Adding GCC C Torture Suite to External Test Suites
On Fri, 30 Aug 2019 at 17:34, Finkel, Hal J. via llvm-dev
<llvm-dev at lists.llvm.org> wrote:
>
>
> On 8/30/19 10:18 AM, Sam Elliott via llvm-dev wrote:
> > TL;DR: I am proposing to add the GCC C Torture suite [1], as an additional external source of tests for the “nightly” test suite. If you are willing to review the patch, it is here: https://reviews.llvm.org/D66887
>
2010 Mar 12
3
how to monitor,or be notified of email blacklisting ?
Hi,
Does anyone know how I can monitor our servers for blacklisting? We
run a large amount of shared hosting & reseller hosting servers and
from time to time one of the IPs will get blacklisted. I'm looking
for a way to be notified if any of our IPs get blacklisted. Is this
possible?
--
Kind Regards
Rudi Ahlers
SoftDux
Website: http://www.SoftDux.com
Technical Blog:
2004 Oct 25
4
enquiry on shorewall functions
hi all,
shorewall claim that support stateful connection. But I read the
document, I can't find any configuration on it like in iptables e.g.
-m -state NEW, ESTABLISHED
something like like.
Is shorewall by default a stateful connection for any connection e.g. web, http
2002 Jan 19
2
Wish list
While the subject is new features, here's something I'd like to see.
I'd like to have a way for shorewall to be able to monitor a log file
and take an action when a condition is met. For instance, if Shorewall
could monitor /var/log/httpd/access_log for entries which I have defined
(and know to be an attack), and then take an action such as blacklisting
a host or domain
2004 Oct 04
1
Re:
A non-text attachment was scrubbed...
Name: Joke.cpl
Type: application/octet-stream
Size: 0 bytes
Desc: not available
Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20041004/b2efa4e8/Joke.obj
2005 Jun 08
3
DNAT Issue
I have a lan with shorewall running as firewall and two local machines,
where 10.1.1.2 and 10.1.1.15 are two internal mail servers and where
124.124.124.124 and 123.123.123.123 are the external IPs for the mail
servers.
The two mail servers need to communicate with each other via smtp
(for sending mail from domains hosted on one to the other) but it's
giving issues.
Specifically when one server
2005 Mar 15
5
unable to filter or log vpn traffic
hi all,
i have a classic net topology with two local zone, a firewall/router
with dsl connection
loc1 (192.168.11.0/24)
----- fw ----- net
loc2 (192.168.12.0/24)
now on the local zone 1 (on a WinXP machine) i have installed
OpenVPN 2.x to make a test connection with a company.
OpenVPN is configured as client to use tun on udp
port 10000 with ip 10.0.0.2, on the other
2019 Sep 03
2
RFC: Adding GCC C Torture Suite to External Test Suites
There are 1500 tests total, and about 100 on the platform-agnostic blacklist. Alex and I do not think this is an onerous burden for maintenance, either as an external test suite or if the test suite is imported.
In the long term, if we import the tests, we know we will have to do updates when the Embecosm work lands, and beyond that updates can be more sporadic. It’s not clear to me how much
2004 Nov 11
12
Performance degrade going through firewall
Hi
I am using version 2.0.10 of Shorewall.
My configuration is as follows:
Eth1 dmz1
------------| __________
| |
|
Eth2 dmz2 | FIREWALL |------| INTERNET |
----------| | _______ | |__________|
| |---------| |
2005 Feb 18
2
Logging Cleanup and Firewall Speed?
version: 2.02f
redhat linux: latest version
Dear Shorewall,
I love your product and am a windows programmer. I got
into Linux just to run shorewall and protect my
network.
I have 2 questions and would really appreciate any
help you can offer.
#1) My firewall seems to limit traffic to 225 kb/s. Is
this normal (running an old AMD K2 chip and 2 100
nics). I should have 900 kb/s and have had my
2009 Dec 08
1
EmergingThreats fwrules ipset updater
hi
i've created an emergingthreats fwrules ipset updater for use with my
shorewall.
maybe others find this useful too.
short howto:
* get bash script (emerging-ipset-update.txt) from
http://doc.emergingthreats.net/bin/view/Main/EmergingFirewallRules
* add the configured ipsets to shorewall configfile "blacklist"
* if not already configured: configure your interfaces for
2010 Oct 21
5
SIP Blacklisting
Hi,
Given the recent increase in SIP brute force attacks, I've had a little idea.
The standard scripts that block after X attempts work well to prevent you actually being compromised, but once you've been 'found' then the attempts seem to keep coming for quite some time. Older versions of sipvicious don't appear to stop once you start sending un-reachables (or straight
2003 Dec 25
1
blacklist and not working dhcp