similar to: Shorewall operating status and how to stay "blocked"

I get this enabling the option "routestopped" in my interface (eth0, net, one interface): Failed to apply configuration : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... ERROR: Invalid Interface option (routestopped) : /etc/shorewall/interfaces (line 11) Means that routestopped don''tt work, is it? Then, what could i do? Thank you very

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Hi! I am looking for suggestions how I can add rules (or change the configuration otherwise) without interrupting of services. Right now, when I need to do a ''shorewall restart'' all services are not available during this time. I tried playing with the ''routestopped'' parameter but without success. How do you get around this? Thanks in advance, Christian

Although Shorewall provides safeguards against it, people seem to regularly shoot themselves in the foot when doing remote system administration. I''ve been thinking about this problem and wonder if a change to the way that "shorewall stop" behaves might help. Today, "shorewall stop" stops all traffic except to/from those destinations listed in

Shorewall 1.3.4 is available: 1. A new /etc/shorewall/routestopped file has been added. This file is intended to eventually replace the routestopped option in the /etc/shorewall/interface and /etc/ shorewall/hosts files. This new file makes remote firewall administration easier by allowing any IP or subnet to be enabled while Shorewall is stopped. 2. An /etc/shorewall/stopped

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello I try to setup a bridge firewall base on http://shorewall.net/bridge.html I''m using shorewall-1.4.10g-1. I doublecheck on /etc/shorewall/routestopped file on my firewall, and there is no "OPTIONS" options. Should I use different shorewall version ? Thanks -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)

Hi, I''ve noticed that if I have NIS enabled then shorewall will fail to start correctly as there is a brief time during startup (and restart) that the network is wholly disconnected causing NIS to object during RPC. The problem appears to be that during initialization and building of the chains the default is to allow existing connections and internal traffic to/from loopback,

The following is taken from the Release notes for 2.2.3 (which will be released in a month or so). 2) There has been ongoing confusion about how the /etc/shorewall/routestopped file works. People understand how it works with the ''shorewall stop'' command but when they read that ''shorewall restart'' is logically equivalent to ''shorewall

Hello, I use some define in classes like class foo { define bar() {} } before in .22.4 i had require => Bar[''mybar''] on object and it worked. Now i have : err: Could not apply complete configuration: Could not retrieve dependency ''Shorewall-realize[shorewall.conf]'' at /etc/puppet/manifests/classes/shorewall.pp: for exemple. Do anyone knwo why it

Hi, Using shorewall for the first time (a woody .deb of version 1.2.12). After reading the docs, I still have a couple of questions regarding some parameters from the interfaces file. 1) Is rfc1918 not just a specific implementation of routefilter ? The sample file in two-interface.tgz uses them both, but they seem to at least overlap. Since my internal network will be 192.168.1.0/24, will

Hello Tom, I''ve been using Shorewall for years without problems. My previous version of shorewall was 1.4.6b-1. Everything worked just fine. Today I upgraded using rpm to 2.0.8-1. After update no one can connect to any interface from net. Server can connect to outside world fine and those described in routestopped have no problem connecting. Any help correcting this problem would be

Hello, I''ve "emerged" Shorewall 2.0.7 onto my Gentoo pc. Going through the 2 interface quickstart guide I download the 2.0.1 interface sample and untar it. "tar -zxvf two-interfaces.tgz" Maybe a dumb question but I can''t find anything on Google or the Shorewall mail archives that say anything about this. So I''m assuming its me. :P But the

Hi folks, A while back we had some discussions about integrating heartbeat and shorewall. Thanks to your help and the excellent state of Linux failover clustering, i''ve managed to install my high-availability firewall. I know there''s already a howto for it at http://www.xenos.net/library/hafirewall.html, but i thought i would document my setup for others, since it''s

I am currently using shorewall on leaf-bering. I have set it up with keepalived to create a high availabilty firewall cluster. I have an odd question in regards to shorewall. Currently in production I have keepalived controlling shorewall starts and stops. If I remove this and leave shorewall running on the backup firewall, will I run into any problems with having the nat tables built out and

Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=info interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 217.96.90.242 noping loc eth0 255.255.255.0 routestopped,maclistmaclist: maclist: #INTERFACE MAC IP

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I

Using Shorewall v1.2, and testing the firewall using scan.sygate.com, I am informed that several ports (web (80), ident (113) and DCE locator (135) are ''closed'' rather than ''blocked''. All other ports show as blocked or ''stealthed''. I haven''t set up any rules or policies that have anything to do with 80, 113 or 135. Is this

When I install the two-interfaces files in /etc/shorewall on my FC-5 system (with shorewall-3.2.3) and run "services shorewall restart" I get ------------------------------------------------------ cp -a interfaces masq policy routestopped rules zones /etc/shorewall/ ... [root@alfred shorewall]# service shorewall restart ... Determining Zones... ERROR: Zone fw is defined more than once

Hi all, I''m working on a patch for shorewall to make it run with a Crossbeam X40 machine (www.crossbeamsystems.com) and I would like to know where to send it, is this list the correct location?. The patch is necesary because of Crossbeam X series running mode: when you make a shorewall start, restart or clear, there are a packet dropping until shorewall is Started or cleaned. At