On Monday 30 April 2007 01:46, Tom Eastep wrote:
Steven Jan Springl wrote:
Tom
If a policy specifies the same SOURCE and DEST zone and LIMIT:BURST is
specified e.g.
lan lan REJECT warn 1
when it is compiled with shorewall-shell, the following message is
produced:
Tom
The following rule ACTIONs are rejected as unknown by shorewall-perl:
CONTINUE! QUEUE! A-
The following rule ACTIONs are rejected as invalid by shorewall-shell:
DROP! REJECT! A-
The following rule:
LOG lan:192.168.0.3 $FW udp 123
is accepted by shorewall-perl, but
Hey Guys,
I run Shorewall 3.4.2 on an Ubuntu 6.06 server machine.
My default policy is drop any,
my rules begin with drop any and end with drop any
After editing the files /usr/share/shorewall/action.Drop and Reject
I was able to stealth Port 113.
But Port 1 (tcpmux) is still only closed.
Does
Hi Tom,
I was lurking for a long time here and finally decided to jump into the perl
testing (mostly due to the slow shell compilation).
I upgraded my 3.4.1 to 3.9.4 and run shorewall check on my current settings.
I got a few errors:
Checking /etc/shorewall/blacklist...
ERROR: ipset names
Is there any reason why the output of /usr/share/shorewall-lite/shorecap
is stored on the shorewall-lite target and then scp'd to the shorewall
administrative machine? Why not just capture the output of it directly
to the administrative machine all in one go?
i.e. rather than:
if ! ssh [EMAIL
Steven Jan Springl wrote:
On Monday 30 April 2007 01:46, Tom Eastep wrote:
Steven Jan Springl wrote:
Tom
If a policy specifies the same SOURCE and DEST zone and LIMIT:BURST is
specified e.g.
lan lan REJECT warn 1
when it is compiled with shorewall-shell, the following message is
Marc Mertes wrote:
Hey Guys,
I run Shorewall 3.4.2 on an Ubuntu 6.06 server machine.
My default policy is drop any,
my rules begin with drop any and end with drop any
A real belt and suspenders man, I see.
After editing the files /usr/share/shorewall/action.Drop and Reject
I was able to
Brian J. Murrell wrote:
Is there any reason why the output of /usr/share/shorewall-lite/shorecap
is stored on the shorewall-lite target and then scp'd to the shorewall
administrative machine? Why not just capture the output of it directly
to the administrative machine all in one go?
Because
On Mon, Apr 30, 2007 at 07:42:32AM -0700, Tom Eastep wrote:
Brian J. Murrell wrote:
Is there any reason why the output of /usr/share/shorewall-lite/shorecap
is stored on the shorewall-lite target and then scp'd to the shorewall
administrative machine? Why not just capture the output of it
On Mon, 2007-30-04 at 07:42 -0700, Tom Eastep wrote:
Brian J. Murrell wrote:
Is there any reason why the output of /usr/share/shorewall-lite/shorecap
is stored on the shorewall-lite target and then scp'd to the shorewall
administrative machine? Why not just capture the output of it
Steven Jan Springl wrote:
Tom
The following rule ACTIONs are rejected as unknown by shorewall-perl:
CONTINUE! QUEUE! A-
The following rule ACTIONs are rejected as invalid by shorewall-shell:
DROP! REJECT! A-
The following rule:
LOG lan:192.168.0.3 $FW udp 123
On Monday 30 April 2007 16:25, Tom Eastep wrote:
Steven Jan Springl wrote:
Tom
The following rule ACTIONs are rejected as unknown by shorewall-perl:
CONTINUE! QUEUE! A-
The following rule ACTIONs are rejected as invalid by shorewall-shell:
DROP! REJECT! A-
The
Tom
When the following rule is compiled with shorewall-shell:
CONTINUE! lan:192.168.0.3 $FW udp 123
produces the following error messages:
iptables v1.3.6: Couldn't load target
`CONTINUE':/lib/iptables/libipt_CONTINUE.so: cannot open shared object file:
No such file or directory
Andras Sarkozy wrote:
Hi Tom,
I was lurking for a long time here and finally decided to jump into the perl
testing (mostly due to the slow shell compilation).
I upgraded my 3.4.1 to 3.9.4 and run shorewall check on my current settings.
The given file set compiles with the shell compiler
Steven Jan Springl wrote:
Tom
When the following rule is compiled with shorewall-shell:
CONTINUE! lan:192.168.0.3 $FW udp 123
produces the following error messages:
iptables v1.3.6: Couldn't load target
`CONTINUE':/lib/iptables/libipt_CONTINUE.so: cannot open shared object file:
On Monday 30 April 2007 19:02, Tom Eastep wrote:
Steven Jan Springl wrote:
Tom
When the following rule is compiled with shorewall-shell:
CONTINUE! lan:192.168.0.3 $FW udp 123
produces the following error messages:
iptables v1.3.6: Couldn't load target
Tom
The following rule:
LOG:6! lan:192.168.0.3 $FW udp 123
produces the following error message when compiled with
shorewall-perl:
ERROR: Invalid log level (6!)
It works when compiled with shorewall-shell.
Steven.
-
Tom Eastep wrote:
Steven Jan Springl wrote:
On Monday 30 April 2007 01:46, Tom Eastep wrote:
Steven Jan Springl wrote:
Tom
If a policy specifies the same SOURCE and DEST zone and LIMIT:BURST is
specified e.g.
lan lan REJECT warn 1
when it is compiled with shorewall-shell, the
On Monday 30 April 2007 19:38, Tom Eastep wrote:
Tom Eastep wrote:
Steven Jan Springl wrote:
On Monday 30 April 2007 01:46, Tom Eastep wrote:
Steven Jan Springl wrote:
Tom
If a policy specifies the same SOURCE and DEST zone and LIMIT:BURST is
specified e.g.
lan lan REJECT
Brian J. Murrell wrote:
On Mon, 2007-30-04 at 11:53 -0700, Tom Eastep wrote:
There is no reason to have the capabilities file resident on the Shorewall
Lite firewall system.
The following patch to 3.4.2 should take care of this:
Brian,
Please send the patch as an attachment rather than
On Mon, 2007-30-04 at 12:06 -0700, Tom Eastep wrote:
Brian J. Murrell wrote:
On Mon, 2007-30-04 at 11:53 -0700, Tom Eastep wrote:
There is no reason to have the capabilities file resident on the Shorewall
Lite firewall system.
The following patch to 3.4.2 should take care of this:
Brian J. Murrell wrote:
On Mon, 2007-30-04 at 12:06 -0700, Tom Eastep wrote:
Brian J. Murrell wrote:
On Mon, 2007-30-04 at 11:53 -0700, Tom Eastep wrote:
There is no reason to have the capabilities file resident on the Shorewall
Lite firewall system.
The following patch to 3.4.2 should take
Shorewall 3.9.5 is available at
http://www1.shorewall.net/pub/shorewall/development/3.9/shorewall-3.9.5/
Lots of bugs fixed since last week. Thanks to all of you who are testing 3.9
(and a special thanks to Steven Springl).
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented
Problems corrected in Shorewall 3.4.3
1) The shorecap program was not loading modules correctly.
2) The CHAIN variable is now set correctly before the 'maclog' script
is invoked.
3) The 'shorewall load' and 'shorewall reload' commands redundantly
re-generated the capabilities file
Andrew Suffield wrote:
On Mon, Apr 30, 2007 at 07:42:32AM -0700, Tom Eastep wrote:
Brian J. Murrell wrote:
Is there any reason why the output of /usr/share/shorewall-lite/shorecap
is stored on the shorewall-lite target and then scp'd to the shorewall
administrative machine? Why not just
On Monday 30 April 2007 23:10, Tom Eastep wrote:
Shorewall 3.9.5 is available at
http://www1.shorewall.net/pub/shorewall/development/3.9/shorewall-3.9.5/
Lots of bugs fixed since last week. Thanks to all of you who are testing
3.9 (and a special thanks to Steven Springl).
Tom
You are
Steven Jan Springl wrote:
On Monday 30 April 2007 23:10, Tom Eastep wrote:
Shorewall 3.9.5 is available at
http://www1.shorewall.net/pub/shorewall/development/3.9/shorewall-3.9.5/
Lots of bugs fixed since last week. Thanks to all of you who are testing
3.9 (and a special thanks to Steven
Hi I just installed Debian in a dual boot.
The first thing I wanted to do is to set up the firewall.
I have a lan with 3 computers, router, and dsl modem
When typing ifconfig
I get eth1 and lo
I do not see the eth0 the connection between router/modem.
I wanted to set up a two interface firewall
Hi,
if you are behind a router, then the router is your firewall, since
you are not directly connected to the Internet. You can't setup a two
interface firewall in that case, because your computer only has one
interface, and doesn't even handle the routing to the internet.
~David
On 4/30/07,
On 5/1/07, Frank Parker [EMAIL PROTECTED] wrote:
When typing ifconfig
I get eth1 and lo
I do not see the eth0 the connection between router/modem.
I wanted to set up a two interface firewall but it seems that my computer
does not recognize the eth0 interface.
I still have internet