similar to: Blacklist problems - iptables v1.2.4: Unknown arg ''--log-level''

hi, if i would like to use ulog (in order to split netfilter messages from other kernel messages), than i have to set all loglevel to ULOG? and then is there any way to define diferent loglevel for eg. maclist? thanks in advance. yours. ps. it''s a bit confusing that all loglevel parameter name is LOG_LEVEL except BLACKLIST_LOGLEVEL:-( -- Levente

Hello: I just started using Shorewall this morning and must say that I''m very impressed. Much nicer than what I was using previously. I love the ability to type ''shorewall logdrop ww.xx.yy.zz'' and completely block a particular IP address. However, the log part doesn''t happen. When I look in the logdrop chain, there is no LOG prefix. I''ve looked

Hello list members, Over the past 12 hours my firewall box has had over 300 hits to port 1434 from numerous ip''s. I ran tcpdump on a couple of them and it looks like the ms-sql exploit attempt. I don''t use ms-sql. I''ve always gotten a few hits per day, but now it''s gotten out of control. I use logcheck to email the system logs to me and at this rate by the

I helped set up a firewall at my brother''s church and we are running shorewall 1.4.6b on a redhat 9 box. Works well. [root@fumcbafw shorewall]# uname -r 2.4.20-19.9 [root@fumcbafw shorewall]# iptables --version iptables v1.2.7a The box also serves as a dhcp server for the church offices and there is one box that apparently still has the old firewall config (zone alarm) on it since it

Return-Path: <viuwier@wp.pl> X-Original-To: shorewall-announce@lists.shorewall.net Delivered-To: shorewall-announce@lists.shorewall.net Received: from smtp.wp.pl (smtp.wp.pl [212.77.101.160]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.shorewall.net (Postfix) with ESMTP id E3D8F33DB3 for

Hi, Using 4.4.23.2 on a single host. A host x.x.x.x is sending traffic although it blacklisted and blocked rules rules: DROP net:x.x.x.x/21 $FW - - - DROP net:x.x.x.x/22 $FW - - - DROP $FW net:x.x.x.x/21 - - - DROP $FW net:x.x.x.x/22 - - -

Hello, I want not to log some dropped packets going from net to fw, i.e. to exclude some ports. For example, I get lots of denied SPT=4672 DPT=7476 packets in /var/log/messages. I know I can probably do this by using ulog or some other logging system and writing some rules to exclude "SPT=4672", but is it possible for shorewall not to log some ports? Sorry if it is obvious, but I

Dear All, After installing Shorewall, on a router with 4 NIC, seems running ok. Next day, when connecting from clients, (MS) we keep getting ip conflict for non-conflicting ip addresses. Any help is appreciated. Detals of Startup: + shift + nolock= + ''['' 1 -gt 1 '']'' + trap ''my_mutex_off; exit 2'' 1 2 3 4 5 6 9 + command=start +

Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single

I am running version 3.0.7 of Shorewall on a Debian Sarge system, but when I start Shorewall I get this: /usr/share/shorewall/firewall: line 204: 4: command not found I looked there and found this: # Run ip and if an error occurs, stop the firewall and quit # run_ip() { if ! ip $@ ; then if [ -z "$STOPPING" ]; then error_message "ERROR: Command \"ip

One feature that I haven't seen in OpenSSH (It may be there) is an automatic blacklisting of IP addresses when a certain number of login attempts are reached from that IP address. It seems like it is popular these days to try brute force access on password cracking and automatic blacklisting may limit these attempts. Best regards/Nils Hammar

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH

I thought you all would like to know that Google considers Nouveau to be unstable and is now actively considering blacklisting. Please see this issue on their issue tracker. https://bugs.chromium.org/p/chromium/issues/detail?id=876523 -------------- next part -------------- An HTML attachment was scrubbed... URL:

http://dovecot.org/releases/1.2/dovecot-1.2.4.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.4.tar.gz.sig I'll be on vacation for the rest of this week. I'll read my mails once in a while though. * acl: When looking up ACL defaults, use global/local default files if they exist. So it's now possible to set default ACLs by creating dovecot-acl file to the mail root

http://dovecot.org/releases/1.2/dovecot-1.2.4.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.4.tar.gz.sig I'll be on vacation for the rest of this week. I'll read my mails once in a while though. * acl: When looking up ACL defaults, use global/local default files if they exist. So it's now possible to set default ACLs by creating dovecot-acl file to the mail root

Hi. I would like to blacklist a few callers and I have been using the *CLI> database put blacklist 1234 "annoying callers". Instead of putting the same command for every user is there any way to have a file? Ideally a file in /opt that I would update the blacklisted numbers (add,remove). Is there anything like that, please?<br>

Everyone, Progress was slow today. I started out well, but then I ran into Documentation.htm. Progress slowed considerably, as I analyzed the document structure. I''m up to /etc/shorewall/hosts Configuration. I hope to finish Documentation.xml by tomorrow evening. Converted documents: 6to4.xml CorpNetwork.xml FAQ.xml Please post feedback, if you see any problems with the converted

This mail goes mainly to Tom, as he sent some Laptop configurations files to the list. I checked the files you had sent to the list as answer to [Shorewall-users] Shorewall on a laptop Now - Is there a specific reason why you actually lock/blacklist the following ports ? - udp 1024:1033,1434 - tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898 These should IMHO be blocked by

I was wondering if i could stick a certain ip in the blocklist, but at the same time have an allow rule for http in the rules section. In other words i would like to block pretty much all access from a certain internet address except for http from the internal network. So does the rules file get parsed before the blacklist in the firewall to make this possible?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1.) This is just a curiousity question. And I don''t know if this a Gentooism or not. In regards to when a package is determined "Stable". Shorewall is my example. I''m running Gentoo linux and I have it setup to only allow "emerging" of "stable" pkgs. "I have no idea how they (Gentoo, or the