Re: [Shorewall-users] NFTables on the roadmap?

2016-11-15 Thread Gerhard Wiesinger
On 31.10.2016 19:27, Tom Eastep wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 10/31/2016 10:44 AM, Ob Noxious wrote: >> Hi, >> >> You probably already know most of its contents but here's a nice >> introduction to NFTables: >> >> http://developers.redhat.com/blog/2016/10/28/what

Re: [Shorewall-users] Double logs

2015-08-22 Thread Gerhard Wiesinger
On 23.01.2015 14:29, Gerhard Wiesinger wrote: > Hello, > > I'm having a problem that I get doubled logs: > Jan 23 14:22:05 fw kernel: [63639.395178] SW:net2fw: > Jan 23 14:22:05 fw kernel: SW:net2fw: ... > > I have already read the shorewall FAQ and logging documentation and debugged

[Shorewall-users] IPv6 and private net with masquerading not working correctly

2015-08-06 Thread Gerhard Wiesinger
Hello, I'm having the following problem with IPv6 and a private internal LAN which will be masqueraded to the public internet (I don't want to have public IPs in the LAN because of some static IPs and tracking). Rules are generated by shorewall. The problem is that the ICMP6 packets' source address is

Re: [Shorewall-users] Shorewall and iptraps

2015-04-25 Thread Gerhard Wiesinger
On 08.04.2015 13:07, Gerhard Wiesinger wrote: > Hello, > > Are iptraps supported, or is support planned? > See: https://github.com/ktsaou/firehol/wiki/Working-with-traps > > Thank you. > > Ciao, > Gerhard > Any ideas how to use dynamic adding to ipsets with sh

Re: [Shorewall-users] Stateful Port Knocking

2015-04-25 Thread Gerhard Wiesinger
On 24.04.2015 10:38, Laurens Blankers wrote: The Shorewall documentation provides a custom Perl action to perform stateful port knocking: http://shorewall.net/Events.html#Stateful However I believe it is also possible using just the events functionality without any custom code. Here are the

[Shorewall-users] Shorewall and iptraps

2015-04-08 Thread Gerhard Wiesinger
Hello, Are iptraps supported, or is support planned? See: https://github.com/ktsaou/firehol/wiki/Working-with-traps Thank you. Ciao, Gerhard

Re: [Shorewall-users] Logical names in rules

2015-01-29 Thread Gerhard Wiesinger
On 29.01.2015 17:24, Tom Eastep wrote: > On 1/29/2015 8:20 AM, Tom Eastep wrote: >> On 1/28/2015 12:39 AM, Gerhard Wiesinger wrote: >>> Hello, >>> >>> I've set all ip addresses in /etc/hosts. >>> >>> But I'm unable to use >>

[Shorewall-users] Logical names in rules

2015-01-28 Thread Gerhard Wiesinger
Hello, I've set all ip addresses in /etc/hosts. But I'm unable to use SMTP(ACCEPT) myzone loc:smtp-server ERROR: Unknown Interface (smtp-server) /usr/share/shorewall/macro.SMTP (line 21) from /etc/shorewall/rules (line 157) # IP addresses work well SMTP(ACCEPT) myzone

Re: [Shorewall-users] Double logs

2015-01-23 Thread Gerhard Wiesinger
On 23.01.2015 17:46, Tom Eastep wrote: > On 1/23/2015 5:29 AM, Gerhard Wiesinger wrote: >> Hello, >> >> I'm having a problem that I get doubled logs: >> Jan 23 14:22:05 fw kernel: [63639.395178] SW:net2fw: >> Jan 23 14:22:05 fw kernel: SW:net2fw: ...

Re: [Shorewall-users] Multiple Zones

2015-01-23 Thread Gerhard Wiesinger
On 23.01.2015 17:44, Tom Eastep wrote: > On 1/23/2015 5:59 AM, Gerhard Wiesinger wrote: >> Hello, >> >> Is it possible to specify multiple zones or define virtual zones to get >> better readability? >> >> e.g. the following config (all cannot be used becau

[Shorewall-users] Multiple Zones

2015-01-23 Thread Gerhard Wiesinger
Hello, Is it possible to specify multiple zones or define virtual zones to get better readability? e.g. the following config (all cannot be used because there exist more than the 3 zones): SSH(ACCEPT) loc $FW SSH(ACCEPT) loc dmz SSH(ACCEPT) loc net

[Shorewall-users] Double logs

2015-01-23 Thread Gerhard Wiesinger
Hello, I'm having a problem that I get doubled logs: Jan 23 14:22:05 fw kernel: [63639.395178] SW:net2fw: Jan 23 14:22:05 fw kernel: SW:net2fw: ... I have already read the shorewall FAQ and logging documentation and debugged rsyslog. It looks like 2 messages are generated: 1.) via kernel logging (=> ends

[Shorewall-users] Access to external service ip from internal subnet

2015-01-15 Thread Gerhard Wiesinger
Hello, I have a project with the classic 3 zones: internet, internal net, DMZ. Some public tcp services provided to the internet by DMZ services (e.g. mydomain.example.com) should also be available WITHOUT split DNS from the internal subnet. Therefore some forwards are configured from the firewal

Re: [Shorewall-users] Missing ACCEPT target in the KnockEnhanced module

2014-09-20 Thread Gerhard Wiesinger
On 20.09.2014 18:20, PGNd wrote: > Hi Gerhard > > On Sat, Sep 20, 2014, at 08:53 AM, Gerhard Wiesinger wrote: > > > Thanks for the comments. > > Re: the stateful approach, knockd's config-specified rules allow for > arbitrary rule-setting. I do, now, underst

Re: [Shorewall-users] Missing ACCEPT target in the KnockEnhanced module

2014-09-20 Thread Gerhard Wiesinger
On 20.09.2014 17:15, PGNd wrote: > Gerhard, > > On 24.06.2014 19:28, Gerhard Wiesinger wrote: >> Please find attached a "real" stateful Port Knocking Module for shorewall. >> Was quite a challenge to write a >> stateful iptables "program". > I

Re: [Shorewall-users] Missing ACCEPT target in the KnockEnhanced module

2014-09-19 Thread Gerhard Wiesinger
PT"); } Hello Werner, hello Tom, Thank you for pointing out the missing statement when logging is enabled. Can you also share your experience? @Tom: To avoid code duplication can you apply the patch attached on the latest online version (add_rule outside of the if). BTW: @Tom: Ca

Re: [Shorewall-users] Problems with Shorewall 4.6.1.1 and Portknocking Events example

2014-06-30 Thread Gerhard Wiesinger
On 29.06.2014 18:05, Tom Eastep wrote: > On 6/28/2014 11:38 PM, Gerhard Wiesinger wrote: > Hi Gerhard, > >> A short example directly on the web page as with the other module would >> be great. > Please verify what I wrote for accuracy and completeness: > > http:/

Re: [Shorewall-users] Problems with Shorewall 4.6.1.1 and Portknocking Events example

2014-06-28 Thread Gerhard Wiesinger
On 29.06.2014 03:09, Tom Eastep wrote: > On 6/27/2014 11:15 PM, Gerhard Wiesinger wrote: > >> Yes, those were only minor modifications, looks good to me. >> > Let me know if you want anything added: > > http://www.shorewall.org/Events.html#Stateful > Hello Tom, A

Re: [Shorewall-users] Problems with Shorewall 4.6.1.1 and Portknocking Events example

2014-06-27 Thread Gerhard Wiesinger
On 27.06.2014 19:51, Tom Eastep wrote: > > Sorry to be slow responding. Very busy week at work this week. > > I guess what I would like to do is to place this in the contrib > directory on the server and create a link to it from the port mapping page. > > If the .pm is installed in site_perl, and i

Re: [Shorewall-users] Problems with Shorewall 4.6.1.1 and Portknocking Events example

2014-06-26 Thread Gerhard Wiesinger
On 24.06.2014 19:28, Gerhard Wiesinger wrote: On 20.06.2014 20:03, Tornhoof wrote: Hi, I previously used (4.5.x, 4.6.0) the following Portknocking configuration (from here http://shorewall.net/Events.html): Please find attached a "real" stateful Port Knocking Module for shor

Re: [Shorewall-users] Problems with Shorewall 4.6.1.1 and Portknocking Events example

2014-06-24 Thread Gerhard Wiesinger
l iptables "program". Feedback is welcome. @Tom: Can you integrate it in the next version? Thank you. Ciao, Gerhard || # # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # # (c) 2012 - Gerhard Wiesinger (shorew...@wiesinger.com) # (c) b

[Shorewall-users] Shorewall and routebacks with default gateway not on firewall

2014-06-24 Thread Gerhard Wiesinger
Hello, I have the following configuration: Internet <=> Host with fixed IP <=> OpenVPN Tunnel <=> Firewall Host with dynamic IP <=> DMZ. The Firewall Host with dynamic IP isn't the gateway. I've configured: 1.) "Host with fixed IP" a DNAT forward into the OpenVPN Tunnel (OK): SMTP(DNAT) net

[Shorewall-users] Shorewall and ipsets

2012-09-27 Thread Gerhard Wiesinger
Hello, I'm new to shorewall and ipsets but have experience with low-level iptables rules. I have already read the following documentation: http://www.shorewall.net/Introduction.html http://www.shorewall.net/three-interface.htm http://www.shorewall.net/GettingStarted.html http://www.shorewall.net/shorew