similar to: maclist option -> sorry good ver.

Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=infointerfaces:#ZONE INTERFACE BROADCAST OPTIONSnet ppp0 217.96.90.242 nopingloc eth0 255.255.255.0 routestopped,maclistmaclist:#INTERFACE MAC IP ADDRESSES (Optional)eth0

> Yes -- just leave the setting of MACLIST_DISPOSITION=REJECT and any request > from interfaces with the ''maclist'' option will be rejected if there isn''t a > match found in the maclist file. I have wrote some IP''s and MAC''s from my network, for example : #INTERFACE MAC IP ADDRESSES (Optional)

Hy, sorry for my poor english i think i''m having a very unusual problem and very dificult to track, but i''ll try to explain it as best as i can. here is my scenario: a firewall/bridge composed of 3 ethernet devices and 1 virtual one. my bridge (br0 ) is composed of eth0, eth1 and tap0 br0:eth0 is my connection to my router (200.244.92.1) br0:eth1 is my connection to my

Hi, I have a few problems with my shorewall configuration. First of all, the option maclist seems no to be recognized. I have this: ghostwheel /etc/shorewall # cat interfaces | grep -v ''^#'' - eth1 detect dhcp,tcpflags,routefilter loc eth0 detect tcpflags,maclist When I look at shorewall-init.log, I found out:

First off, I want to say that everyone on this list is great. So heres what I want to do..I have a maclist setup with all my users (roughly 400). There are constantly people leaving (deleting their accounts which removes their MAC address) and registering for internet access ( I have a php webserver that registers them, adds them to the maclist, and allows them on the net). Is there a way to

how to make this work, its seem to me that netfilter is changed more or less someplaces that shorewall do not support, using 4.4.27 shorewall and shorewall6 suggestion welcomed ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99!

Hi, I want to automate some of the maclist and rule functionality: User connects to the network and gets a DHCP address from the shorewall box. Using squid and redirection, all the user can do is go to a login page on the firewall User logs in correctly to the form on the webpage and a process captures MAC and IP address info from the dhcpd.leases file Once authenticated, a maclist entry and an

It is working very good :) Thank You. I only need to write Interface etho in maclist file. My MAC addresses don''t neet the ~ in front of. Thanks ! Maciek -- ---- Oferta jakiej jeszcze nie by³o! Serwer www 60 MB za 99 z³ rocznie Szczegó³y: www.oferta.alpha.pl ----

Return-Path: <viuwier@wp.pl> X-Original-To: shorewall-announce@lists.shorewall.net Delivered-To: shorewall-announce@lists.shorewall.net Received: from smtp.wp.pl (smtp.wp.pl [212.77.101.160]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.shorewall.net (Postfix) with ESMTP id E3D8F33DB3 for

-- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Hi, I''m a long time shorewall user and I like it very much. There is only one thing were I''m not always happy with: the config files. There has been discussion on the list about the comments in the files. My concern is that I loose overview over my configuration because of the many config files. Of course there are advantages too but I thinking wether another config format would

Hello, I have forwarded this to the shorewall-users list. You will find better support for this obscure problem there. Regards, Alex Martin http://www.rettc.com Cristian Valentin Barean wrote: > Hello ! > My name is Barean Cristian, and I have a network of 35 users, on a > Linux Mandrake 9.2 server. > As I was adding more users in my network, I found a problem with

Hi, At the moment I am controlling my LAN client access to the Inet by their MAC address. Currently I am putting their MAC address in the rules file - now the number of the PC that I want to manage is getting more and more and it is not practicle to do this way anymore. My question is, how can I have their MAC address in other separate file? Regards http://www.debian.org/consultants/#Malaysia

hi there. There are approx. 400-500 users in our network and we plan to insert all their MAC addresses into maclist and bind them together with IP address. My question is whether shorewall is able to process that much of MAC addresses without slowing the the network speed performance? thanks for your time. __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new

Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single

I''m using shorewall 2.0.x at home as an Internet gateway for family. However my brother always plays online games overnight, so my parents asked whether I can do something on the gateway to control the time of accessing the Internet. I planned to put a script on crontab to schedule which it will execute say at 12:00 night daily, the script will execute a command will deny my brother

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH

I am running version 3.0.7 of Shorewall on a Debian Sarge system, but when I start Shorewall I get this: /usr/share/shorewall/firewall: line 204: 4: command not found I looked there and found this: # Run ip and if an error occurs, stop the firewall and quit # run_ip() { if ! ip $@ ; then if [ -z "$STOPPING" ]; then error_message "ERROR: Command \"ip

i have no idea how to definie for a parallel zone the host file if the second zone (net) should be the composition of the first zone (dmz). i tried all the following combinations in the interface and host files: interface: - eth0 - (variante 1) - eth0 192.168.0.255,255,255,255,255 (variante 2) - eth0 192.168.0.255,!192.168.0.255 (variante 3)