On 9/17/10 4:31 PM, Tom Eastep wrote:
>
> COM_IF_fwd is similar.
>
> I'm not sure whether or not I'll be able to do anything about this in
> the short term.
>
This is a natural consequence of making blacklisting a zone-related
attribute rather than an interface-related attribute. Interface-ori
On Saturday 18 September 2010 01:12:09 Tom Eastep wrote:
> On 9/17/10 4:41 PM, Tom Eastep wrote:
> > On 9/17/10 4:35 PM, Steven Jan Springl wrote:
> >> Tom
> >>
> >> When routestopped contains:
> >>
> >> eth3 192.168.0.0/29,10.1.1.1 notrack
> >>
> >> After 'shorewall start' and 'shorewall clear'
On 9/17/10 4:41 PM, Tom Eastep wrote:
> On 9/17/10 4:35 PM, Steven Jan Springl wrote:
>> Tom
>>
>> When routestopped contains:
>>
>> eth3 192.168.0.0/29,10.1.1.1 notrack
>>
>> After 'shorewall start' and 'shorewall clear' commands have been executed,
>> iptables-save shows the following rules are
On 9/17/10 4:35 PM, Steven Jan Springl wrote:
> Tom
>
> When routestopped contains:
>
> eth3 192.168.0.0/29,10.1.1.1 notrack
>
> After 'shorewall start' and 'shorewall clear' commands have been executed,
> iptables-save shows the following rules are still active:
>
> raw
> :PREROUTING ACCEPT
Tom
When routestopped contains:
eth3 192.168.0.0/29,10.1.1.1 notrack
After 'shorewall start' and 'shorewall clear' commands have been executed,
iptables-save shows the following rules are still active:
raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 192.168.0.0/29 -i br1 -m
On 9/17/10 9:10 AM, Tom Eastep wrote:
> Beta 6 is now available for testing. Pay close attention to the
> Blacklisting change in this release; static blacklisting is incompatible
> with blacklisting in Beta 5.
>
> Problems corrected:
>
> 1) 'shorewall clear' (and 'shorewall6 clear') now work aga
On 9/17/10 9:10 AM, Tom Eastep wrote:
> Beta 6 is now available for testing. Pay close attention to the
> Blacklisting change in this release; static blacklisting is incompatible
> with blacklisting in Beta 5.
There are a couple of known problems.
a) Mr Dash 4 has reported that a perl diagnostic
Beta 6 is now available for testing. Pay close attention to the
Blacklisting change in this release; static blacklisting is incompatible
with blacklisting in Beta 5.
Problems corrected:
1) 'shorewall clear' (and 'shorewall6 clear') now work again (broken
in Beta 5).
2) To work around an is
> It depends on which command is being executed.
>
> However, I just thought of a foolproof trick - If you really want to
> relocate shorewall.conf, place this in /etc/shorewall/shorewall.conf:
>
> INCLUDE /path/to/my/shorewall.conf
>
Haven't thought of that before, thanks for the tip!
>
On 9/17/10 7:28 AM, Mr Dash Four wrote:
>
>> It's the way that Shorewall works and the cost of changing it is high
>> enough that it's just not worth the effort.
>>
> Fair enough.
>
>> Your modification to /etc/init.d/shorewall only works on commands issued
>> through that script. Unless your
> It's the way that Shorewall works and the cost of changing it is high
> enough that it's just not worth the effort.
>
Fair enough.
> Your modification to /etc/init.d/shorewall only works on commands issued
> through that script. Unless your log file happens to be in the default
> place, even
> Okay -- I think I have this working.
>
> I propose that we have one more 4.4.13 Beta that includes this new
> blacklisting implementation, and then I'll produce 4.4.13 RC 1.
>
> Any objections?
>
No objections from me as the blacklist issue is the only thing which
needs to be tested - I've t
On 9/17/10 7:00 AM, Mr Dash Four wrote:
>
>> Which only confirms what I wrote -- any system that runs Shorewall must
>> have /etc/shorewall/shorewall.conf; but you are correct that it can be a
>> minimal file.
>>
> I am curious though - is there any reason to have this restriction? This
> 'con
> Which only confirms what I wrote -- any system that runs Shorewall must
> have /etc/shorewall/shorewall.conf; but you are correct that it can be a
> minimal file.
>
I am curious though - is there any reason to have this restriction? This
'configuration' file with just ENABLE_STARTUP=Yes (whi
On 9/16/10 10:22 PM, Lito Kusnadi wrote:
>
> The lsm I got v0.53 compiled as rpm using CentOS, I can see lsm triggers
> the script (/etc/lsm/script) when a link is down. When the link
> recovers, lsm doesn't trigger the script.
>
> Even the formula in lsm readme file says it can detect the link i
15 matches