Displaying 20 results from an estimated 20000 matches similar to: "Do not log broadcast"
2003 Jan 06
4
Help denying request attempts at TCP ports 113, 135, 137 and 139 as well as UDP ports 137-139'.
Hi all,
I have shorewall up and running on my system. (GNU-Linux Mandrake 9)
When I tested my firewall at grc.com, Shields-Up informs me that ports 113 and
135 are closed and not 'stealthed'
When reading the faq on the Shorewall site I saw that shorewall rejects rather
than denies connection requests on 'TCP ports 113, 135, 137 and 139
as well as UDP ports
2003 Jan 30
4
An "any" host source/destination
Just out of curiosity, I'm running shorewall on a machine that has 4
nic's and 4 different VPN tunneled subnets.
When I want to define a service that is available from any source to a
certain destination, instead of making a matrix of all the different
combinations possible, is there an easier way?
Something like,: ACCEPT any loc tcp ssh
Which
2003 Jan 05
1
Extending syntax
Hello !
I have begun to use Shorewall and I think there is a missing
feature. Suppose that I have a given rule and that I want to add the
condition that this rule matches only if the ToS bit x is set. There
is no easy way to do this.
Would it be possible to add a field "misc" which will allow the user
to add specific iptables switches ? This misc field would just be
appended to the
2003 Jan 24
4
AW: AW: Ipsec passthrough
Sorry to barge in on an old thread. I'm having the same trouble as the
gent who started this thread. I've tried the options described and can't
seem to get the tunnel to pass packets through it. I'm using the
Netscreen Remote VPN client (Safenet derivative) on a windows machine,
trying to connect to a Netscreen 5xp at the other end. The connection
fires
2003 Jan 06
8
Some time off
Until further notice, I will not be involved in Shorewall development or
support.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net
2002 Nov 11
11
Shorewall Documentation in PDF format
Hey gang,
I was wondering if all that documentation could or has been put into
PDF format. I usually like to download documentation and read it while
I'm sitting comfortably at home and I don't want to tie up the phone
line all night.
Thanks,
Nino
p.s. If so, please feel free to attach the PDF formatted document to my
e-mail ;-)
2003 Jan 16
5
Is there any merit in making a start/restart conditional upon a successful check?
--
2003 Jan 22
5
Proxy arp and pptp
Hi all!
I've set up a Linux box with shorewall doing proxy arp as per http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP the 5.2 (non routed) example. Everything is working great except for one thing, and that leads me to my question: is there a conflict between proxy arp and pptp? I've set the appropriate ACCEPT rules to allow tcp port 1723 and protocol 47 to the host
2003 Jan 21
14
Emule + Shorewall
Hi,
I've installed Emule (p2p program) on my client box but I can't access
the servers due to the firewall.
I'm getting these blocking errors:
Jan 22 01:26:07 servidor kernel: Shorewall:net2all:DROP:IN=eth1 OUT=eth0
SRC=213.22.49.86 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57
ID=50538 DF PROTO=TCP SPT=46408 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0
My rules file
2002 Dec 05
7
New in CVS
The 'firewall' script currently in the /Shorewall CVS project:
a) Is approximately 15% faster starting/restarting on my configuration --
please report your experiences with it.
b) Reloads Traffic Control/Shaping as part of "shorewall refresh"
c) Turns off the shell trace after an error has occurred (except when the
command being traced is "stop" or
2003 Jan 21
4
Two different LAN's...
Hi,
I've got a question about how to configure the shorewall, and maybe
someone could answer.
I have a PC with 3 ethernet. The eth0 connects to internet. The eth1
connects to LAN A, and the eth2 connects to LAN B. I've configured
the shorewall for doing NAT, and both LANs can navigate, but it seems
that from a LAN A host you can connect to a PC of LAN B, and the
other way
2002 Apr 26
9
port forward from local net to local machine
Hi!
I have a Linux shorewall firewall that is the default gw of the network.
I want to redirect all locally originating traffic to port 80 into another
machine on port 8002 into the local network.
This machine is a WIN2000 machine running a commercial software (proxy,
content filtering) that only runs into Windows... :-(
I tried something like this but this doesn't seem to work:
local
2005 Nov 14
3
shorewall and broadcast
Hi,
I configured some ha services using heartbeat, I have this on my log:
Nov 14 09:59:06 mail1 heartbeat[3932]: ERROR: Unable to send bcast [-1]
packet: Operation not permitted
Nov 14 09:59:06 mail1 heartbeat[3932]: ERROR: write failure on bcast
bond1.: Operation not permitted
How to allow broadcast only on some interfaces with shorewall?
Attached is shorewall status
Thanks
Nicola
2002 Jun 15
4
Serious Bug found in Shorewall 1.3.x
Rafał Dutko has just discovered a potentially serious bug in version 1.3.0
and 1.3.1. In both versions, where an interface option appears on multiple
interfaces, the option may only be applied to the first interface on which
it appears.
A corrected firewall script for 1.3.1 is available at:
http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall
and
2018 Apr 04
2
Re: error : virHashForEach:597 : Hash operation not allowed during iteration
❦ 4 April 2018 17:00 +0200, Vincent Bernat <bernat@luffy.cx>:
>>> You can do that locally, but as a patch it's very unlikely to be
>>> accepted upstream because we've introduced RW locks to be able to access
>>> domain list from multiple threads.
>>
>> Looking a bit more, the whole "iterating" bit is currently
>> unsafe.
2002 Oct 23
23
"basic two-interface" setup problem
Hi,
I installed the shorewall 1.3.8-2 debian package to my debian testing
machine which serves as the gateway to the internet. Since I have two
other machine connect to internet thru this gateway machine, I also
downloaded the configuration guide for "basic two-interface firewall"
and
followed the instructions. When I try to start the shorewall I get the
following message and can not
2002 Apr 08
22
Parameterized Samples Withdrawn
Although the parameterized samples have allowed people to get a firewall
up and running quickly, they have unfortunately set the wrong level of
expectation among those who have used them. I am therefore withdrawing
support for the samples and I am recommending that they not be used in new
Shorewall installations.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \
2002 Dec 07
6
More speedups in CVS
The 'firewall' and 'functions' file in CVS together produce a 30%+ speedup
of 'shorewall restart' on my firewall when compared to 1.3.11a.
Please test with these files -- I don't anticipate making any more
performance changes for 1.3.12 and I want to be sure that I didn't break
anything.
-Tom
--
Tom Eastep \ Shorewall
2007 Oct 23
2
Is it possible to stop ARP broadcast with Bridge shorewall ?
Dear shorewall list enthusiasts,
I recently set up a dedicated linux box running shorewall
in order to isolate my network from the "evil other side" :)
It works so well that I first have to thank and congratulate
everybody that took part in this project !
Then, I have a question, that separates my setup from "wonderful"
to "heaven" : I activated the
2002 Aug 06
8
converting MASQ from ipchains
Hello,
on my old system I'm using ipchains. Can anyone help me with converting rule
/sbin/ipchains -A forward -j MASQ -s source_addr -d destination_addr 443 -p tcp
to shorewall. I know that I can write
eth0 source_addr
to /etc/shorewall/masq file
but I can't find where I can specify the destination address.
The reason for this is to allow one user (computer) access only to