Nevermind. The problem is that use invoked the Invalid action
from
within the INVALID section. If you replace 'Invalid(DROP)' with 'DROP'
in that section, it works correctly.
Make that ...that *you* invoked the
OK thank you for your time.
Hello Tom.
Please find enclosed the requested file as well as my full
configuration.
Also I noticed that the reap option provided in the recent match is not
detected by Shorewall whereas it seems to be available :
$ sudo iptables -N test
$ sudo iptables -A test -m recent
Hi All!
I've no hit the same problem I hit quite some time back in trying to
replace a rather limited script based iptables rule generator. Now I
have no option really. The customer now has add a nice new 5M fibre
connection to supplement the existing 1 leased line as well as an adsl
link
On 3/27/2014 8:12 AM, Hervé Werner wrote:
Hello Tom.
Please find enclosed the requested file as well as my full
configuration.
Also I noticed that the reap option provided in the recent match is not
detected by Shorewall whereas it seems to be available :
$ sudo iptables -N
On 3/27/2014 9:44 AM, Tom Eastep wrote:
Regarding 'reap' :
root@gateway:~# shorewall show -f capabilities | fgrep REAP
REAP_OPTION=Yes
root@gateway:~# shorewall -vvv check | fgrep -i reap
Recent Match --reap option: Available
REAP_OPTION*
root@gateway:~# shorewall version
4.5.21.7
On 3/27/2014 8:53 AM, Angela Williams wrote:
Hi All!
I've no hit the same problem I hit quite some time back in trying to
replace a rather limited script based iptables rule generator. Now I
have no option really. The customer now has add a nice new 5M fibre
connection to supplement the
On 3/27/2014 8:12 AM, Hervé Werner wrote:
Hello Tom.
Please find enclosed the requested file as well as my full
configuration.
Also I noticed that the reap option provided in the recent match is not
detected by Shorewall whereas it seems to be available :
$ sudo
On 3/27/2014 10:36 AM, Hervé Werner wrote:
Regarding 'reap' :
root@gateway:~# shorewall show -f capabilities | fgrep REAP
REAP_OPTION=Yes
root@gateway:~# shorewall -vvv check | fgrep -i reap
Recent Match --reap option: Available
REAP_OPTION*
root@gateway:~# shorewall version
Hi Tom!
On 27/03/2014 19:02, Tom Eastep wrote:
On 3/27/2014 8:53 AM, Angela Williams wrote:
Hi All!
I've no hit the same problem I hit quite some time back in trying to
replace a rather limited script based iptables rule generator. Now I
have no option really. The customer now has add a nice
On 3/27/2014 10:36 AM, Hervé Werner wrote:
On 3/27/2014 8:12 AM, Hervé Werner wrote:
Hello Tom.
Please find enclosed the requested file as well as my full
configuration.
Also I noticed that the reap option provided in the recent match is not
detected by Shorewall whereas it
On 3/27/2014 10:54 AM, Angela Williams wrote:
Hi Tom!
On 27/03/2014 19:02, Tom Eastep wrote:
On 3/27/2014 8:53 AM, Angela Williams wrote:
Hi All!
I've no hit the same problem I hit quite some time back in trying to
replace a rather limited script based iptables rule generator. Now I
have
I'm running Shorewall 4.5.16.1 on an Ubuntu 13.10 system.
Is it possible to specify a CIDR range in the proxyarp file? Or do I
really need to list each individual IP address separately?
--
*Rich Wales*
ri...@richw.org
On Thu, Mar 27, 2014 at 12:47:29PM -0700, Rich Wales wrote:
I'm running Shorewall 4.5.16.1 on an Ubuntu 13.10 system.
Is it possible to specify a CIDR range in the proxyarp file? Or do I
really need to list each individual IP address separately?
From the shorewall-proxyarp(5) man
On 3/27/2014 1:48 PM, Roberto C. Sánchez wrote:
On Thu, Mar 27, 2014 at 12:47:29PM -0700, Rich Wales wrote:
I'm running Shorewall 4.5.16.1 on an Ubuntu 13.10 system.
Is it possible to specify a CIDR range in the proxyarp file? Or do I
really need to list each individual IP address
/You can, however, set the proxyarp option on an interface which causes that
interface to respond to ARP requests for any address that the system has a
route to (other than out of the interface receiving the ARP request). -Tom/
Thanks.
I have another, sort-of-related question, but I'll ask
Is there any way to specify arbitrary host or network routes to be added to a
firewall's routing tables in Shorewall?
I have a list of individual destinations (external to my LAN) which I need to
reach via a bastion host connected to my firewall via a VPN. Up till now,
I've been adding host
16 matches
Mail list logo