Re: [Shorewall-users] Multiple providers on the same interface in Shorewall 5.0

On 14/07/18 06:54, Tom Eastep wrote: > On 07/13/2018 10:32 AM, James Andrewartha wrote: >> What ip address should I specify then? Or do I assign a new IP for the >> firewall on the interface for each gateway? > > You enter the IP address of the interface. So long as all gatew

Re: [Shorewall-users] Multiple providers on the same interface in Shorewall 5.0

: [Shorewall-users] Multiple providers on the same interface in Shorewall 5.0 On 07/13/2018 08:05 AM, James Andrewartha wrote: > On 13/07/18 22:49, Matt Darfeuille wrote: >> On 7/13/2018 4:05 PM, James Andrewartha wrote: >>> Is the changelog accessible on the shorewa

Re: [Shorewall-users] Multiple providers on the same interface in Shorewall 5.0

On 13/07/18 22:49, Matt Darfeuille wrote: > On 7/13/2018 4:05 PM, James Andrewartha wrote: >> Is the changelog accessible on the shorewall website outside of >> downloading the tarfile? > > You could look on sourceforge: > > https://sourceforge.net/p/shore

[Shorewall-users] Multiple providers on the same interface in Shorewall 5.0

tside of downloading the tarfile? Thanks, -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 -- Check out the vibrant tech communi

Re: [Shorewall-users] IPSec & IPV6

this case. > > And, having run Linux exclusively for 22 years, the brackets are new to me. Well, https://tools.ietf.org/html/rfc2732 is only 18 years old. -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0

Re: [Shorewall-users] Restricting intra-LAN traffic

shorewall's bridge firewall feature? http://shorewall.net/bridge-Shorewall-perl.html -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 -

Re: [Shorewall-users] rate limiting SIP cracking attempts

On 23/03/16 01:49, Brian J. Murrell wrote: > I wonder if anyone has applied rate limiting on their Shorewall in > front of an Asterisk or other SIP server. I would suggest looking at http://www.fail2ban.org/wiki/index.php/Asterisk -- James Andrewartha Network & Projects Engineer Chr

Re: [Shorewall-users] Automatically blacklist IP

http://www.fail2ban.org/ has shorewall integration. Sent from my Samsung device (apologies for top-posting) Original message From: PH Date: 2016/03/12 10:44 (GMT+08:00) To: 'Shorewall Users' Subject:

Re: [Shorewall-users] SMB from "net" zone

t 445, I got back to basics :-) [snip] > What am I missing here? Many ISPs drop port 445 (and others) to customers. See for example https://iihelp.iinet.net.au/Port_Blocking_at_iiNet -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia

Re: [Shorewall-users] time-of-day routing

the tool here. You could have time-based rules in the mangle file to select the default provider. Added in shorewall 4.6.2, or you could specify the raw iptables rule with INLINE. -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, We

Re: [Shorewall-users] Shorewall-lite/translator for VyOS

be nice. Obviously it's a lot of work which I don't have time for at the moment, but I was hoping there would be an appropriate layer within Shorewall that this translation could be done. Thanks, -- James Andrewartha Network Projects Engineer Christ Church Grammar School Claremont, Western

[Shorewall-users] Shorewall-lite/translator for VyOS

firewalling to be much less straightforward than Shorewall. So I was wondering if there could be a way to write Shorewall rules, but have the output be VyOS commands. Shorewall-lite also came to mind, in that it ships off the configuration to the firewall systems. Thanks, -- James Andrewartha

Re: [Shorewall-users] USE_DEFAULT_RT changed to Yes

Hi Tom, So I should set USE_DEFAULT_RT=No then? If it's enabled then my policy routing that shorewall does is broken. Thanks, James Andrewartha Network Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 [apologies for top-posting

[Shorewall-users] USE_DEFAULT_RT changed to Yes

/docs-info.html#Static-Route-Commands [3] http://shorewall.net/MultiISP.html#USE_DEFAULT_RT Thanks, -- James Andrewartha Network Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877

Re: [Shorewall-users] Shorewall iptrace not working

configuration like can speciy other logging options in shorewall.conf? What do you and others think? It's a good idea, or at least documentation on the fact that various options exist and the default has changed. Thanks, -- James Andrewartha Network Projects Engineer Christ Church Grammar School

[Shorewall-users] Shorewall iptrace not working

adding nohostroute in shorewall-providers. Thanks, -- James Andrewartha Network Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 -- Meet PCI DSS 3.0