Thanks Tom (and Matt).
I’ll just leave the Drop rule in place.
Bruce
> On 8 Oct 2020, at 5:06 am, Tom Eastep wrote:
>
> On 10/5/20 8:49 PM, Bruce Bannerman wrote:
>> Hello everyone,
>>
>> I’m getting an annoying number of smtp connection attempts from a
>> specific IP address that has been
On 10/5/20 8:49 PM, Bruce Bannerman wrote:
> Hello everyone,
>
> I’m getting an annoying number of smtp connection attempts from a
> specific IP address that has been going on for weeks now (several per
> minute).
>
> I’m currently dropping these packets using a shorewall rule.
>
> I’m thinking
On Wed, Oct 7, 2020 at 5:39 PM Tom Eastep wrote:
>
> I work around this with the following rule in both the INVALID and NEW
> sections of my rules file.
>
> FIN(ACCEPT) { SOURCE=all, DEST=all }
>
> I also have this in the same two locations:
>
> RST(ACCEPT) { SOURCE=all, DEST=all }
Thank
Following Tom's advice, moving this (entire thread (1)) to the devel list.
Any thoughts on the below (the patch in question (2) is reattached here)?
1)
https://sourceforge.net/p/shorewall/mailman/shorewall-users/thread/d83aa9a2626c6459f58f671af768b570.squirrel%40webmail.bi.corp.invoca.ch/#msg3712
On 10/7/20 8:10 AM, Matt Darfeuille wrote:
> On 10/7/2020 4:48 PM, Matt Darfeuille wrote:
>> On 10/7/2020 4:27 PM, Simon Matter wrote:
> On 10/6/20 8:50 AM, Matt Darfeuille wrote:
>> On 10/6/2020 5:11 PM, Tom Eastep wrote:
>>> On 10/6/20 7:33 AM, Simon Matter wrote:
> On Tue, Oc
On Wed, Oct 07, 2020 at 05:10:51PM +0200, Matt Darfeuille wrote:
>
> Attached is release-master-1-20.10.07.17.04.57-rfc.patch, which applies
> Simon's suggestion.
>
>
> Any feedback an testing is appriciated.
>
Looks good to me.
I also created an issue in the shorewall/debian project for me t
On 10/7/20 4:14 AM, Vieri Di Paola wrote:
> Hi,
>
> If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT
> rule such as the following
>
> ACCEPTlan1:10.215.144.0/23wantcp,udp80,443
>
> I'd like to know why I am seeing the following in the shorewall log
> when a
On 10/7/2020 4:48 PM, Matt Darfeuille wrote:
> On 10/7/2020 4:27 PM, Simon Matter wrote:
On 10/6/20 8:50 AM, Matt Darfeuille wrote:
> On 10/6/2020 5:11 PM, Tom Eastep wrote:
>> On 10/6/20 7:33 AM, Simon Matter wrote:
On Tue, Oct 06, 2020 at 03:59:06PM +0200, Simon Matter wrote
On 10/7/2020 4:27 PM, Simon Matter wrote:
>>> On 10/6/20 8:50 AM, Matt Darfeuille wrote:
On 10/6/2020 5:11 PM, Tom Eastep wrote:
> On 10/6/20 7:33 AM, Simon Matter wrote:
>>> On Tue, Oct 06, 2020 at 03:59:06PM +0200, Simon Matter wrote:
>> Compilation will only happen when '/et
>> On 10/6/20 8:50 AM, Matt Darfeuille wrote:
>>> On 10/6/2020 5:11 PM, Tom Eastep wrote:
On 10/6/20 7:33 AM, Simon Matter wrote:
>> On Tue, Oct 06, 2020 at 03:59:06PM +0200, Simon Matter wrote:
> Compilation will only happen when '/etc/shorewall' is modified.
> So if I'm n
> On Wed, Oct 7, 2020 at 1:31 PM Simon Matter
> wrote:
>>
>> > Hi,
>> >
>> > If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT
>> > rule such as the following
>> >
>> > ACCEPTlan1:10.215.144.0/23wantcp,udp80,443
>> >
>> > I'd like to know why I am seeing the fo
On Wed, Oct 7, 2020 at 1:31 PM Simon Matter wrote:
>
> > Hi,
> >
> > If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT
> > rule such as the following
> >
> > ACCEPTlan1:10.215.144.0/23wantcp,udp80,443
> >
> > I'd like to know why I am seeing the following in th
> Hi,
>
> If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT
> rule such as the following
>
> ACCEPTlan1:10.215.144.0/23wantcp,udp80,443
>
> I'd like to know why I am seeing the following in the shorewall log
> when a user accesses a web page:
>
> kernel: Shorewa
On Tue, Oct 6, 2020 at 10:28 AM Witold Tosta wrote:
>
>> In any case, I'm now using a combination of TPROXY for HTTP and
>> redirect interceptions for HTTPS as follows, and both types of traffic
>> seem to be proxied without errors.
>>
>
> It seems like it might work. TPROXY for unencrypted http t
Hi,
If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT
rule such as the following
ACCEPTlan1:10.215.144.0/23wantcp,udp80,443
I'd like to know why I am seeing the following in the shorewall log
when a user accesses a web page:
kernel: Shorewall:wan-lan1:DROP:I
> On 10/6/20 8:50 AM, Matt Darfeuille wrote:
>> On 10/6/2020 5:11 PM, Tom Eastep wrote:
>>> On 10/6/20 7:33 AM, Simon Matter wrote:
> On Tue, Oct 06, 2020 at 03:59:06PM +0200, Simon Matter wrote:
Compilation will only happen when '/etc/shorewall' is modified.
So if I'm not mis
16 matches
Mail list logo