similar to: IPv6 under Centos?

Hi, I have servers where shorewall6 won''t reject nor log: # cat /etc/shorewall6/zones fw firewall net ipv6 # cat /etc/shorewall6/interfaces net eth1 tcpflags (I also tried without "tcpflags", but no changes) # cat /etc/shorewall6/policy $FW all ACCEPT all all REJECT info # cat /etc/shorewall6/rules SECTION NEW (for testing, I removed all the rules) I am testing from

Hey all, Just a sanity check, but should the shorecap script in shorewall6-lite be sourcing /usr/share/shorewall6-lite/lib.base rather than /usr/share/shorewall-lite/lib.base like it does currently? In fact shouldn''t there be a general s/shorewall-lite/shorewall6-lite/ in shorecap in shorewall6-lite? Maybe there is more of that lurking about as well. Also, the first line of the

I am running multiple IPv6 subnets here in my testbed. My IPv6 'router' is a Centos box with IPv6forwarding turned on. It is also my RADVD server (over multiple VLans), and Miredo server/relay. I thought I had a simple ip6table setup that protected the box and let it forward. Well I am wrong. I got my previous DNS over IPv6 working on the DNS server, then tried to get it working

Happy New Year, everyone. With the new year, comes a new major version of Shorewall. The reasons for opening a new version are: 1. The packaging and dependencies have changed in this release. 2. There are minor migration issues. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E

Happy New Year, everyone. With the new year, comes a new major version of Shorewall. The reasons for opening a new version are: 1. The packaging and dependencies have changed in this release. 2. There are minor migration issues. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E

I''d like to ask for clarification on the upgrade procedure using tarballs. In the past, with version 4.4, I have downloaded shorewall-4.4.x.y.tar.bz2 and shorewall6-4.4.x.y.tar.bz2, extracted each, and executed ''install.sh -s'' in each directory. Now there is a new package shorewall-core-4.5.x.y.tar.bz2. As I understand it, with version 4.5, this core package needs to be

Hello, shorewall6 seem to have problems duplicating the main routing table. shorewall6 tries to add the fe80::/64 route of every ipv6 configured interface to routing table 1. The first route applies but the other ones not. If i try to add the routes manually to routing table 1 i have to add the first fe80::/64 route and append not add the other ones. does not work: ip -6 route add table 1

Dear all, I have configured both shorewall and shorewall6 on my firewall. Shorewall is using ULOG as logging target and since that did not seem to work I tried using NFLOG in shorewall6. However, nothing is logged in the /var/log files. Three questions: - What am I doing wrong? I just use LOG=NFLOG in the params file. - Can I use NFLOG for shorewall too? - Do I need ulogd when setting the

I want to test shorewall6 in a scenario with several virtual machines. Each virtual machine has the interface eth0. With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. How is this done with IPv6? Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

Tom In Shorewall6 4.4.27 the following proxyndp entry: 2001:4d48:ad51:24::f3 eth2 eth0 no no does not add the required route. The code produced in /var/lib/shorewall6/.restart is: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2 run_ip route add 2001:4d48:ad51:24::f3/128 dev eth2 Splitting the line into 2 separate lines: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2

RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in

RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in

We have kernel support for IPv6 in Centos, but not stateful firewall support. That requires at least the 2.6.20 kernel, which means Fedora Core 6 or some other Linux distro. None of the various free Linux firewalls have IPv6 support. Supposedly FWBuilder can manage Netfilters for a Linux Kernel, but that seems to be the extent of it. More sad facts as I uncover them.....

I looked online for documentation about this, but couldn''t find it. Is anybody else running a Teredo relay, on a firewall that has both Shorewall and Shorewall6 installed? I''m running IPv6 at home (thanks to a Hurricane Electric tunnel). I''m having trouble with external Teredo clients being able to ping my home IPv6 addresses. All of these clients can reliably ping

Hi, I have 2 Debian testing boxes running a very similar setup (both running the latest aptosid kernel); on one of them, since the iptables/libxtables10 packages have been upgraded from 1.4.19.1-1 to 1.4.20-2, shorewall-init can''t start shorewall anymore and for this reason ifupdown also fails triggering firewall up. Shorewall can be successfully started later on, and ifupdown starts

In working through an IPv6/TPROXY issue I had, I believe I found a documentation bug: http://www.shorewall.net/manpages6/shorewall6-tcrules.html In the ACTION section, for part 12. SAME: The documentation lists: #ACTION SOURCE DEST PROTO DEST # PORT(S) SAME:P 192.168.1.0/24 0.0.0.0/0 tcp

http://bugzilla.netfilter.org/show_bug.cgi?id=751 Summary: IPv6 bridging bug Product: iptables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: normal Priority: P3 Component: ip6tables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: david at

Shorewall 4.5.20 is now available for download. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) On some distributions, the shorewall-lite and shorewall6-lite uninstallers could fail with a syntax error. 2) A