Re: [Shorewall-users] Tarpit Documentation

2020-10-07 Thread Bruce Bannerman
Thanks Tom (and Matt). I’ll just leave the Drop rule in place. Bruce > On 8 Oct 2020, at 5:06 am, Tom Eastep wrote: > > On 10/5/20 8:49 PM, Bruce Bannerman wrote: >> Hello everyone, >> >> I’m getting an annoying number of smtp connection attempts from a >> specific IP address that has been

Re: [Shorewall-users] Tarpit Documentation

2020-10-07 Thread Tom Eastep
On 10/5/20 8:49 PM, Bruce Bannerman wrote: > Hello everyone, > > I’m getting an annoying number of smtp connection attempts from a > specific IP address that has been going on for weeks now (several per > minute). > > I’m currently dropping these packets using a shorewall rule. > > I’m thinking

Re: [Shorewall-users] accept HTTP request / drop HTTP reply

2020-10-07 Thread Vieri Di Paola
On Wed, Oct 7, 2020 at 5:39 PM Tom Eastep wrote: > > I work around this with the following rule in both the INVALID and NEW > sections of my rules file. > > FIN(ACCEPT) { SOURCE=all, DEST=all } > > I also have this in the same two locations: > > RST(ACCEPT) { SOURCE=all, DEST=all } Thank

[Shorewall-users] Fwd: Shorewall reload doesn't reload?

2020-10-07 Thread Matt Darfeuille
Following Tom's advice, moving this (entire thread (1)) to the devel list. Any thoughts on the below (the patch in question (2) is reattached here)? 1) https://sourceforge.net/p/shorewall/mailman/shorewall-users/thread/d83aa9a2626c6459f58f671af768b570.squirrel%40webmail.bi.corp.invoca.ch/#msg3712

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-07 Thread Tom Eastep
On 10/7/20 8:10 AM, Matt Darfeuille wrote: > On 10/7/2020 4:48 PM, Matt Darfeuille wrote: >> On 10/7/2020 4:27 PM, Simon Matter wrote: > On 10/6/20 8:50 AM, Matt Darfeuille wrote: >> On 10/6/2020 5:11 PM, Tom Eastep wrote: >>> On 10/6/20 7:33 AM, Simon Matter wrote: > On Tue, Oc

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-07 Thread Roberto C. Sánchez
On Wed, Oct 07, 2020 at 05:10:51PM +0200, Matt Darfeuille wrote: > > Attached is release-master-1-20.10.07.17.04.57-rfc.patch, which applies > Simon's suggestion. > > > Any feedback and testing is appreciated. > Looks good to me. I also created an issue in the shorewall/debian project for me t

Re: [Shorewall-users] accept HTTP request / drop HTTP reply

2020-10-07 Thread Tom Eastep
On 10/7/20 4:14 AM, Vieri Di Paola wrote: > Hi, > > If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT > rule such as the following > > ACCEPT lan1:10.215.144.0/23 wan tcp,udp 80,443 > > I'd like to know why I am seeing the following in the shorewall log > when a

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-07 Thread Matt Darfeuille
On 10/7/2020 4:48 PM, Matt Darfeuille wrote: > On 10/7/2020 4:27 PM, Simon Matter wrote: On 10/6/20 8:50 AM, Matt Darfeuille wrote: > On 10/6/2020 5:11 PM, Tom Eastep wrote: >> On 10/6/20 7:33 AM, Simon Matter wrote: On Tue, Oct 06, 2020 at 03:59:06PM +0200, Simon Matter wrote

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-07 Thread Matt Darfeuille
On 10/7/2020 4:27 PM, Simon Matter wrote: >>> On 10/6/20 8:50 AM, Matt Darfeuille wrote: On 10/6/2020 5:11 PM, Tom Eastep wrote: > On 10/6/20 7:33 AM, Simon Matter wrote: >>> On Tue, Oct 06, 2020 at 03:59:06PM +0200, Simon Matter wrote: >> Compilation will only happen when '/et

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-07 Thread Simon Matter
>> On 10/6/20 8:50 AM, Matt Darfeuille wrote: >>> On 10/6/2020 5:11 PM, Tom Eastep wrote: On 10/6/20 7:33 AM, Simon Matter wrote: >> On Tue, Oct 06, 2020 at 03:59:06PM +0200, Simon Matter wrote: > Compilation will only happen when '/etc/shorewall' is modified. > So if I'm n

Re: [Shorewall-users] accept HTTP request / drop HTTP reply

2020-10-07 Thread Simon Matter
> On Wed, Oct 7, 2020 at 1:31 PM Simon Matter > wrote: >> >> > Hi, >> > >> > If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT >> > rule such as the following >> > >> > ACCEPT lan1:10.215.144.0/23 wan tcp,udp 80,443 >> > >> > I'd like to know why I am seeing the fo

Re: [Shorewall-users] accept HTTP request / drop HTTP reply

2020-10-07 Thread Vieri Di Paola
On Wed, Oct 7, 2020 at 1:31 PM Simon Matter wrote: > > > Hi, > > > > If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT > > rule such as the following > > > > ACCEPT lan1:10.215.144.0/23 wan tcp,udp 80,443 > > > > I'd like to know why I am seeing the following in th

Re: [Shorewall-users] accept HTTP request / drop HTTP reply

2020-10-07 Thread Simon Matter
> Hi, > > If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT > rule such as the following > > ACCEPT lan1:10.215.144.0/23 wan tcp,udp 80,443 > > I'd like to know why I am seeing the following in the shorewall log > when a user accesses a web page: > > kernel: Shorewa

Re: [Shorewall-users] mangle TPROXY

2020-10-07 Thread Vieri Di Paola
On Tue, Oct 6, 2020 at 10:28 AM Witold Tosta wrote: > >> In any case, I'm now using a combination of TPROXY for HTTP and >> redirect interceptions for HTTPS as follows, and both types of traffic >> seem to be proxied without errors. >> > > It seems like it might work. TPROXY for unencrypted http t

[Shorewall-users] accept HTTP request / drop HTTP reply

2020-10-07 Thread Vieri Di Paola
Hi, If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT rule such as the following ACCEPT lan1:10.215.144.0/23 wan tcp,udp 80,443 I'd like to know why I am seeing the following in the shorewall log when a user accesses a web page: kernel: Shorewall:wan-lan1:DROP:I

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-07 Thread Simon Matter
> On 10/6/20 8:50 AM, Matt Darfeuille wrote: >> On 10/6/2020 5:11 PM, Tom Eastep wrote: >>> On 10/6/20 7:33 AM, Simon Matter wrote: > On Tue, Oct 06, 2020 at 03:59:06PM +0200, Simon Matter wrote: Compilation will only happen when '/etc/shorewall' is modified. So if I'm not mis