Re: [Shorewall-users] transformation from IP table to shorewall

2024-02-27 Thread Matt Darfeuille
On 2/27/24 09:44, Simon wrote: Matt Darfeuille wrote: Looking at your script, I have a feeling it’s built from fragments you’ve found on the net - either that or you already know iptables well. Either way, it looks like a fairly simple setup and you should find all you need in the d

Re: [Shorewall-users] transformation from IP table to shorewall

2024-02-25 Thread Matt Darfeuille
On 2/24/24 14:42, Hosney Bin Osman wrote: hi all kindly i need your support to make transformation from IP table to shorewall please find IP tables script attached We do not offer that kind of support. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message

Re: [Shorewall-users] shorewall with rocky 9

2024-02-13 Thread Matt Darfeuille
masquerade don't work with rocky9? I don't found any about that. Thx ___ What other info(s) can you provide? In other words, we have nothing to help you with. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049

Re: [Shorewall-users] Dynamic nets require Ipset Match in your kernel and iptables

2023-10-07 Thread Matt Darfeuille
k at [1]. [1] https://shorewall.org/configuration_file_basics.htm#capabilities -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: h

Re: [Shorewall-users] IP address change not surviving reboot

2023-08-15 Thread Matt Darfeuille
data. Anyway, a bit of insight from round here would be appreciated. To me, headless mode is the way to go (Webmin comes to mind). -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609

Re: [Shorewall-users] Shorewall not starting

2023-07-29 Thread Matt Darfeuille
://www.freedesktop.org/software/systemd/man/systemd-networkd-wait-online.service.html [2] https://shorewall.org/manpages/shorewall-interfaces.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609

Re: [Shorewall-users] ERROR: Invalid command: debug

2022-08-23 Thread Matt Darfeuille
debug" refer to? As far as I can tell, the doc does not talk about 'debug' [1]. [1] https://shorewall.org/manpages/shorewall-routes.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/messag

Re: [Shorewall-users] NAT for VPN

2022-06-08 Thread Matt Darfeuille
to have a source address of 10.70.66.10. I am running shorewall v 4.5.5.3 ___ You are running an unsupported version of Shorewall. Please see (1). 1) https://shorewall.org/netmap.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall

Re: [Shorewall-users] Google Classroom Video not making it through firewall

2022-03-30 Thread Matt Darfeuille
at those differences. - Looks like Google Classroom could be using the same UDP ports as 'Meet'. - Are you also seeing this on other devices? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609

Re: [Shorewall-users] Google Classroom Video not making it through firewall

2022-03-30 Thread Matt Darfeuille
number two (*15.0*) taken when the connection/issue was not working? - I might be wrong here, but are you allowing Google traffic through your firewall? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman

Re: [Shorewall-users] Google Classroom Video not making it through firewall

2022-03-29 Thread Matt Darfeuille
if this is a Shorewall issue. If you do 'shorewall clear' on PC number two, does it work properly? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org

Re: [Shorewall-users] Simple traffic control error: Specified qdisc not found.

2022-03-19 Thread Matt Darfeuille
1 2 0 0 1 1 1 1 1 1 1 1" Failed Preparing iptables-restore input... Running /usr/sbin/iptables-restore --wait 60... Terminated *** Do you have 'kmod-sched' installed? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p

Re: [Shorewall-users] Filtering on Ether type, not port

2022-03-02 Thread Matt Darfeuille
) https://shorewall.org/shorewall_logging.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org ___ Shorewall

Re: [Shorewall-users] Unable to connect to an HTTPS service

2022-02-28 Thread Matt Darfeuille
termine if this is a communications issue (ie. Shorewall) or a client/server hosts problem. I'm not sure that this is the issue, but Teams requires lots of open ports to work. I had to open those for the Desktop edition. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/mes

Re: [Shorewall-users] shorewall and openvpn issue

2022-01-19 Thread Matt Darfeuille
attachments: shorewall configuration files and shorewall_dump What should I change in my settings? Does it work if Shorewall is 'cleared'? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message

Re: [Shorewall-users] Shorewall6 start error

2021-12-08 Thread Matt Darfeuille
on the Shorewall packet and the Shorewall-core pkg requiring that those three packages are on the same version (5.2.8 in this case). So my suggestion is to update those three packages to 5.2.8 and to do a 'shorewall update' and a 'shorewall6 update'. -- Matt Darfeuille Community: https://sourceforge.net

Re: [Shorewall-users] Shorewall6 start error

2021-12-08 Thread Matt Darfeuille
32), passed through in regex; marked by <-- HERE in m/ ^(.*?) @({ <-- HERE )?(?:0|chain)(?(2)}) (.*)$ / at /usr/share/shorewall/Shorewall/Chains.pm line 5822. Can you confirm that this issue is still present with the latest stable release (5.2.8)? -- Matt Darfeuille Community: https://s

Re: [Shorewall-users] Shorewall 5.2.3.2 Events - Port Knocking

2021-12-07 Thread Matt Darfeuille
to the documentation you are using. 1) https://shorewall.org/Events.html#IfEvent -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org

Re: [Shorewall-users] arptables-legacy

2021-12-01 Thread Matt Darfeuille
(1, 'ARPTABLES='). 1) https://shorewall.org/manpages/shorewall.conf.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org

Re: [Shorewall-users] Shorewall and Docker - Port Forwarding

2021-10-28 Thread Matt Darfeuille
On 10/26/2021 3:19 PM, Philipp Berger wrote: On 24.10.2021 18:36, Matt Darfeuille wrote: On 10/20/2021 6:47 PM, Philipp Berger wrote: Dear all, I am trying to access SSH in a Docker container via a port forwarding from Docker, which works via IPv6 but not IPv4 (!). Setup: enp35s0, main

Re: [Shorewall-users] Using blacklist with 5.1.12.2

2021-10-28 Thread Matt Darfeuille
/ipsets.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org ___ Shorewall-users mailing list Shorewall-users

Re: [Shorewall-users] Shorewall and Docker - Port Forwarding

2021-10-24 Thread Matt Darfeuille
"DNAT net docker:172.17.0.4:22 tcp 9202", which also did not work. Try substituting '22' by '9202'. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: h

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-03 Thread Matt Darfeuille
nderstand the Docker interfaces mechanism then you will be able to configure Shorewall. At this point, (1) is all I can do. 1) https://gist.github.com/lukasnellen/20761a20286f32efc396e207d986295d -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/m

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-03 Thread Matt Darfeuille
> >> Please send an archive of the Shorewall directory by using the below cmd: > >> cd /etc >> $ tar -cf shorewall.tar.bz2 shorewall > see attached file > This assumes that the content of '/etc/shorewall' was not modified. Please try this $ tail -n 7 interfaces ?

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-02 Thread Matt Darfeuille
ps://127.0.0.1:8443 What do you see in the log? Please send an archive of the Shorewall directory by using the below cmd: cd /etc $ tar -cf shorewall.tar.bz2 shorewall -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/sho

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-01 Thread Matt Darfeuille
On 9/1/2021 3:12 PM, Matt Darfeuille wrote: > On 9/1/2021 11:40 AM, Matt Darfeuille wrote: >> On 9/1/2021 10:55 AM, Franz Holzinger wrote: >>>>> I have this policy file: >>>>> fw net ACCEPT >>>>> fw dock ACCEPT >>>>&

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-01 Thread Matt Darfeuille
On 9/1/2021 11:40 AM, Matt Darfeuille wrote: > On 9/1/2021 10:55 AM, Franz Holzinger wrote: >>>> I have this policy file: >>>> fw net ACCEPT >>>> fw dock ACCEPT >>>> dock all ACCEPT >>>> net all DROP info >>>> all

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-01 Thread Matt Darfeuille
e the containers on a bridge? It looks like the interfaces are not properly defined in the zones. You said that you used 'docker0' in your interfaces file. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorew

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-01 Thread Matt Darfeuille
hat distro are you using? > Mageia 7 Linux > Okay, Shorewall looks to be preinstalled with the distro and I'm not sure of the interactions between the GUI and Shorewall -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforg

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-08-31 Thread Matt Darfeuille
? Note that support for Docker in Shorewall is to be removed eventually. For now the preferred way is to disable firewall support in Docker and the counterpart facility in Shorewall and to let Shorewall interact with iptables. -- Matt Darfeuille Community: https://sourceforge.net/p/s

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-08-30 Thread Matt Darfeuille
e (FORMAT2) /etc/shorewall/interfaces (line 10) > > The error message disappears if I change this line 13 > dockdocker0 bridge #Allow ICC (bridge implies routeback=1) > > into > > dockdocker0 > > > The url https://umgebung1.ddev.site:8443/typo3/ s

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-08-28 Thread Matt Darfeuille
See (1). > Is it recommended to switch into FORMAT 2? > Format 1 indicates that you are most likely running an unsupported release of Shorewall. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-08-28 Thread Matt Darfeuille
/compiler.pl line 137 > eval() called 0 times > > > > > This is the line I have added to the interfaces: > > dockdocker0 bridge #Allow ICC (bridge implies routeback=1) > > > What must I insert into the interfaces file in order it will work? > >

Re: [Shorewall-users] Shorewall is not blocking container traffic to internet

2021-08-09 Thread Matt Darfeuille
0 > logflags tcp -- 0.0.0.0/00.0.0.0/0 [goto] tcp > flags:0x06/0x06 > logflags tcp -- 0.0.0.0/00.0.0.0/0 [goto] tcp > flags:0x05/0x05 > logflags tcp -- 0.0.0.0/00.0.0.0/0 [goto] tcp > flags:0x03/0x

Re: [Shorewall-users] Shorewall randomly complaining chain is missing

2021-08-09 Thread Matt Darfeuille
--wait 60... > Processing /etc/shorewall/started ... > done. > > Any idea? > couple of pointers: - Shorewall does not support nftables try reverting to iptables (1). - The support of Docker in Shorewall is an issue and it is recommended to

Re: [Shorewall-users] Shorewall 5.1.6 not recognizing eth0 after ubuntu upgrade

2021-07-09 Thread Matt Darfeuille
TERFACE [BROADCAST] OPTIONS > Dirty eth0routeback #,routefilter=1 > > Not sure what other config is relevant but let me know... And this when I > am supposed to be on holiday... ;} > TLDR. Is SW started after systemd-ne

[Shorewall-users] Abandoning Freenode

2021-06-03 Thread Matt Darfeuille
Shorewall Community, Following the Freenode hostile takeover, the Shorewall Project Committee has decided to move to Libera.Chat. Starting now, support will no longer be offered on Freenode. You can find us on Libera.Chat at '#shorewall'. -- Matt Darfeuille Community: https://sourceforge.net

Re: [Shorewall-users] NAT on same network

2021-05-20 Thread Matt Darfeuille
192.168.1.2:5000 -> lan:192.168.3:5000 > lan:192.168.1.2:5001 -> lan:192.168.3:5001 > lan:192.168.1.2:6690 -> lan:192.168.3:6690 > If you want to forward traffic from the loc zone to a server in the loc zone, please see (1). 1) https://shorewall.org/FAQ.htm#faq2 -- Matt Darfeui

Re: [Shorewall-users] last missing Shorewall6 piece, ping6 from LAN to 'NET ?

2021-05-19 Thread Matt Darfeuille
On 5/19/2021 7:31 PM, tha...@letterboxes.org wrote: > Hello Matt, > > On Wed, May 19, 2021, at 1:17 PM, Matt Darfeuille wrote: >>> sysctl -a | grep ipv6 | grep "\.forwarding" >>> net.ipv6.conf.all.forwarding = 1 >>> net.ipv6.conf.default.forwardin

Re: [Shorewall-users] last missing Shorewall6 piece, ping6 from LAN to 'NET ?

2021-05-19 Thread Matt Darfeuille
ipv6.conf.all.forwarding = 1 > net.ipv6.conf.default.forwarding = 1 > net.ipv6.conf.enp2s0.forwarding = 1 > net.ipv6.conf.enp3s0.forwarding = 1 > net.ipv6.conf.lo.forwarding = 1 > Did you set it via Shorewall, if no, please ensure that IP_FORWARDING is set to keep/yes in s

Re: [Shorewall-users] need some help getting access to my Internet Modem from my LAN

2021-05-17 Thread Matt Darfeuille
"LINUX ROUTER" @ 192.168.1.25 > -- ping the "ATT MODEM" @ 192.168.1.254 > -- access the 'Web User Interface' on the "ATT MODEM" in a browser > > To get from the DESKTOP to the ATTMODEM I _think_ I need some route in the > /routes file. At l

Re: [Shorewall-users] Packages get dropped in FORWARD chain for some connections

2021-05-03 Thread Matt Darfeuille
.0.0.0/8 eth0 > > /etc/shorewall/conntrack: > ?FORMAT 3 > CT:notrack:PO - 127.0.0.0/8 > > shorewall.conf: > ACCOUNTING=No > IP_FORWARDING=Yes > MACLIST_DISPOSITION=DROP > MACLIST_TTL= > ROUTE_FILTER=No > STARTUP_ENABLED=Yes > VERBOSITY=1 > LOGFILE=systemd &

Re: [Shorewall-users] Why "Shorewall show bl" doesn't give the same result depends of shorewall version ?

2021-05-03 Thread Matt Darfeuille
tions | \ awk 'BEGIN {prnt=0; }; /^$/ {if (prnt == 1) print ""; prnt=0; }; Is blacklisting properly enabled (1) (2)? If you migrated from 4.* to 5.*, did you do a 'shorewall update'? In any case, if this turns out to be a bug, I ca

Re: [Shorewall-users] Routing SSH through VPN

2021-02-14 Thread Matt Darfeuille
list need a dump collected as described at (1 point 3, point 'g' in particular). If you could resend it through this list, others might be able to help you. 1) https://shorewall.org/support.htm#Guidelines -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/m

Re: [Shorewall-users] Routing SSH through VPN

2021-02-07 Thread Matt Darfeuille
). If it still does not work, we will need a dump collected as described at (3). Note that I can not guarantee when/if the dump will be looked at or if I will be able to help you. 1) https://shorewall.org/troubleshoot.htm#Connections 2) https://shorewall.org/FAQ.htm 3) https://shorewall.or

Re: [Shorewall-users] ipsec rules and routing

2021-01-28 Thread Matt Darfeuille
and the internal network 2 > is on eth1:2. Is it necessary to add the eth1:2 interface (or just > eth1) to the hosts file for the VPN? > See (2). 1) https://shorewall.org/troubleshoot.htm 2) https://shorewall.org/Shorewall_and_Aliased_Interfaces.html -- Matt Darfeuille Community:

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-27 Thread Matt Darfeuille
ded accounting (1) and that nfacct allows to save those values. 1) https://shorewall.org/Accounting.html#nfacct -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewal

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-25 Thread Matt Darfeuille
ine_firewall': when 'reload -C' is executed the file '.iptables-restore-input' is properly populated. As iptables is being phased out, I'm not sure if something should be done to honor the -C option when start is executed. Note that, this is my under

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-22 Thread Matt Darfeuille
On 1/21/2021 5:04 PM, Matt Darfeuille wrote: > On 1/20/2021 8:53 PM, Matt Darfeuille wrote: >> On 1/20/2021 5:21 PM, Matthew Collins wrote: >>> Gotcha. >>> >>> I'll have another go at working my way around the code. >>> >>> Do you

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-21 Thread Matt Darfeuille
On 1/20/2021 8:53 PM, Matt Darfeuille wrote: > On 1/20/2021 5:21 PM, Matthew Collins wrote: >> Gotcha. >> >> I'll have another go at working my way around the code. >> >> Do you want this reported on gitlab? (and if I fudge together a >> reasonable fix, I'

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-20 Thread Matt Darfeuille
the compiled firewall script. Thanks Matt and let us know how it goes. 1) https://sourceforge.net/p/shorewall/mailman/shorewall-users/thread/CALpsz32rWjvox1DLS99gS%3DveW%3DiSsJu0jqetKx0QghFcwHewDw%40mail.gmail.com/#msg37200686 -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mai

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-20 Thread Matt Darfeuille
off this new year, I have no idea when this will be dealt with. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-19 Thread Matt Darfeuille
counters are reset. I'm sure I've missed > something obvious... > Good evening, name twin! :) Have a look at (1). In particular, 'automake' is required for 'reload -C' to work properly. 1) https://shorewall.org/manpages/shorewall.html -- Matt Darfeuille Community: https://sourceforge.n

Re: [Shorewall-users] Problem with google meet and audio calls

2021-01-13 Thread Matt Darfeuille
ar anything. >> >> Any ideas of what can it be done? >> >> All the best and merry christmas! >> Diego Quintana >> > Are you sure that SW is the issue, that is, does it work properly if Shorewall is 'cleared' ('shorewall clear', doing so will leave you withou

Re: [Shorewall-users] Happy Christmas

2020-12-22 Thread Matt Darfeuille
in below signature 2) See community's URL in below signature -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org

Re: [Shorewall-users] HTTPS ACK dropped

2020-12-19 Thread Matt Darfeuille
ikewise, the most recent post deals with "ACK PSH FIN" messages. It looks like you have quite a setup there, that would be lovely if you could explain the use of Shorewall in your environment. This could avoid others from falling in the same pitfalls! :) -- Matt Darfeuille Community: https:

Re: [Shorewall-users] ipv4 spoofing

2020-12-10 Thread Matt Darfeuille
e-port WINDOW=0 RES=0x00 RST URGP=0 > > what am i missing in shorewall to stop it ? > Maybe the below URLs could be of interest to you: - https://shorewall.org/blacklisting_support.htm - https://shorewall.org/Events.html - https://shorewall.org/ConnectionRate.html -- Matt Darf

Re: [Shorewall-users] Re (n): (1)"shorewall status" and (2)$FW.

2020-11-30 Thread Matt Darfeuille
is easier to use Gitlab to get files from a specific release. Please use (1) instead of the above link as it matches your release! :) 1) https://gitlab.com/shorewall/code/-/tree/5.2.3.2/Shorewall/Samples/one-interface -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/371

Re: [Shorewall-users] Re (2): (1)"shorewall status" and (2)$FW.

2020-11-29 Thread Matt Darfeuille
/shorewall/interfaces: net $NET_IF $NET_OPTS or: /etc/shorewall/interfaces net NET_IF physical=eth0,dhcp In the former case '$NET_IF' is to be used in the config files whereas in the latter case 'NET_IF' is to be used. If that still does not work for you, please make available an archive of your co

Re: [Shorewall-users] shorewall restart / compile.pl speed...

2020-11-16 Thread Matt Darfeuille
On 11/16/2020 2:09 PM, Matt Darfeuille wrote: > On 11/16/2020 12:03 PM, Marko Horn via Shorewall-users wrote: >> >> hello list, >> i use shorewall with large blrules that got updated once a day. >> on 'shorewall restart' it take ages that optimizing ruleset & co

Re: [Shorewall-users] shorewall restart / compile.pl speed...

2020-11-16 Thread Matt Darfeuille
e system. > > is it possible to make compile.pl use every core from cpu? > Would you by any chance be able/willing to submit patches reflecting this on the devel list? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.ne

Re: [Shorewall-users] filtering on lxd bridge

2020-11-16 Thread Matt Darfeuille
simple setup :( > If anyone have any suggestion on how to troubleshoot further, or how to > fix it, I would very appreciate any such help. > Are you using lxd firewall capabilities (1)?: - If yes, this is unlikely to work as Shorewall will probably modify what is created by lxd - If no, ha

Re: [Shorewall-users] IPv4 or IPv6

2020-11-01 Thread Matt Darfeuille
symlink rules file, tcrules and others. Overall, IPv6 traffic rules > are very similar to IPv4 from a firewall point of view. Besides of > course "the odd" IPv6 addressing :-) > > See also (1). 1) https://shorewall.org/SharedConfig.html -- Matt Darfeuille Community:

Re: [Shorewall-users] Home user shorewall configuration

2020-10-29 Thread Matt Darfeuille
s to provide users to have a working configuration to start with. 1) https://gitlab.com/shorewall/code/-/tree/5.2.8-base/Shorewall/Samples/two-interfaces -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforg

Re: [Shorewall-users] Problem routing traffic from my lan to a machine behind ipsec.

2020-10-10 Thread Matt Darfeuille
t file, however the dump did > terminate with > > grep: /proc/net/nf_conntrack: No such file or directory > Error: ipv4: FIB table does not exist. > Dump terminated > > so I'm not sure if its complete or not. > Did you update your configuration with the 'shorewall updat

[Shorewall-users] Fwd: Shorewall reload doesn't reload?

2020-10-07 Thread Matt Darfeuille
-users@lists.sourceforge.net -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org >From eb2ca7995543dd7734e342ef64a3153ba7bb3a9a Mon Sep 17 00:00:00 2001 F

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-07 Thread Matt Darfeuille
On 10/7/2020 4:48 PM, Matt Darfeuille wrote: > On 10/7/2020 4:27 PM, Simon Matter wrote: >>>> On 10/6/20 8:50 AM, Matt Darfeuille wrote: >>>>> On 10/6/2020 5:11 PM, Tom Eastep wrote: >>>>>> On 10/6/20 7:33 AM, Simon Matter wrote: >>>>

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-07 Thread Matt Darfeuille
On 10/7/2020 4:27 PM, Simon Matter wrote: >>> On 10/6/20 8:50 AM, Matt Darfeuille wrote: >>>> On 10/6/2020 5:11 PM, Tom Eastep wrote: >>>>> On 10/6/20 7:33 AM, Simon Matter wrote: >>>>>>> On Tue, Oct 06, 2020 at 03:59:06PM +0200, Simon M

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-06 Thread Matt Darfeuille
ed SW 5.2.8 (core, shorewall, init) followed by 'shorewall update' and 'shorewall reload'. The below is after multiple 'shorewall update followed by reload'. /var/lib/shorewall# ls -l firewall && shorewall reload && ls -l firewall -rwx-- 1 root root 76618 Oct 6 17:33 firewall Rel

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-06 Thread Matt Darfeuille
On 10/6/2020 5:22 PM, Tom Eastep wrote: > On 10/6/20 6:59 AM, Simon Matter wrote: >>> On 10/4/20 10:18 AM, Matt Darfeuille wrote: >>>> On 10/4/2020 6:58 PM, Simon Matter wrote: >>>>> Hi, >>>>> >>>>> I've just updated S

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-06 Thread Matt Darfeuille
On 10/6/2020 3:59 PM, Simon Matter wrote: >> On 10/4/20 10:18 AM, Matt Darfeuille wrote: >>> On 10/4/2020 6:58 PM, Simon Matter wrote: >>>> Hi, >>>> >>>> I've just updated Shorewall from 5.2.7 to 5.2.8 and did a reload just >>>> to &g

Re: [Shorewall-users] Tarpit Documentation

2020-10-05 Thread Matt Darfeuille
tcp smtp" > > When I run shorewall check, it gives me the following error: > > "ERROR: TARPIT requires TARPIT Target in your kernel and iptables > /etc/shorewall/rules (line 40)” > > You at least need the xtables-addons (xtables-addons-dkms on

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-04 Thread Matt Darfeuille
of coffee) or was there a change I'm missing? > I'm confused. > Compilation will only happen when '/etc/shorewall' is modified. So if I'm not mistaken, updating the firewall will not trigger a recompilation. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mai

Re: [Shorewall-users] Please assist with configuration to transparent tunnel from public access on one server, over a vpn, to service on an internal server

2020-09-30 Thread Matt Darfeuille
the internet ? > All that we have is at shorewall.org (for DNAT, the rules file is what you need to look into). Please see (1) if you need more help. In other words, we need a 'dump' of the issue, if you want our help. 1) https://shorewall.org/support.htm#Guidelines -- Matt Darfeuille Communi

Re: [Shorewall-users] GeoIP matching directory

2020-08-15 Thread Matt Darfeuille
ewall/rules: > Ping(ACCEPT) dirty:^[CA,US] $FW > and run shorewall check I get ERROR: GEOIPDIR (/usr/share/xt_geoip/LE) does > not exist /usr/share/shorewall/macro.Ping (line 9) > And indeed, there are no subdirectories LE and BE as there were before. > Try to remove '/LE' from

Re: [Shorewall-users] Shorewall Disobeying rules?

2020-08-05 Thread Matt Darfeuille
MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=45508 DF PROTO=UDP SPT=38172 DPT=53 LEN=52 > [Tue Jan 30 17:39:49 2018] local-fw REJECT IN=eth1 OUT= > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=1

Re: [Shorewall-users] Shorewall + Docker = no firewall

2020-08-04 Thread Matt Darfeuille
TPUT_CHAIN=OUTPUT > FILTER_FORWARD_CHAIN=FORWARD > > And then I could modify the FILTER_FORWARD_CHAIN to be DOCKER-USER - > though the all/all policy rules would have to not go in the > FILTER_FORWARD_CHAIN, or the docker rules would never be reached. > > This is a rather lar

Re: [Shorewall-users] nf_ct_snmp: dropping packet: parser failed

2020-07-28 Thread Matt Darfeuille
On 7/28/2020 8:56 PM, Walter Hofstädtler wrote: > Bill, > > I hoped that the Shorewall restart would clear the tables. > Did you change the back end before restarting SW? What is the value of 'RESTART=' in shorewall.conf? -- Matt Darfeuille Shorewall Project Committee, one

Re: [Shorewall-users] nf_ct_snmp: dropping packet: parser failed

2020-07-28 Thread Matt Darfeuille
or type selection number: 1 update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in manual mode -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.net/p/shorewall/mailman/message/3659

Re: [Shorewall-users] Building in a failsafe

2020-06-06 Thread Matt Darfeuille
shorewall.org/manpages/shorewall.conf.html > https://shorewall.org/manpages/shorewall-stoppedrules.html > In addition to the above, the Shorewall try (1) command might be worth a look. You could also first try your changes in a VM. 1) https://shorewall.org/manpages/shorewall.html -- Matt

Re: [Shorewall-users] one rule for multiple source zones that match with a wildcard

2020-05-25 Thread Matt Darfeuille
$VPN_ZONES $FW:@$INT_DNS tcp,udp 53 Have you seen 'Example 9:' at (1). We gladly accept patches if you think that could be beneficial to Shorewall. 1) https://shorewall.org/manpages/shorewall-rules.html -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforg

Re: [Shorewall-users] implement rules with NEW and ESTABLISHED

2020-05-16 Thread Matt Darfeuille
On 5/16/2020 7:53 PM, merlinverde...@infomed.sld.cu wrote: > Would this rule ensure that only port 80 can be used with tcp? > > ACCEPT all $FW tcp www > All inbound connections to the firewall on port(80) http will be accepted from anywhere. -- Matt Darfeuille Shorewall Proje

Re: [Shorewall-users] Only a desktop computer

2020-05-16 Thread Matt Darfeuille
, that is, block ('drop') inbound/outbound internet access from and to your desktop. > > Supposedly I thought that this way I could not have any kind of internet > connection, but I still maintain the connection, ¿Why happened this?. Of > course I do this to test. > see above for

Re: [Shorewall-users] SUCCESS!! Re: RTP not working

2020-05-12 Thread Matt Darfeuille
*_h323 there >> >> Yes and one suggestion in FAQ77 suggests the same. >> > > Wow, what a success! Thank you so very much! That was the key! > I wrote the two sip-helpers in DONT_LOAD in shorewall.conf and the > phonecall work just perfect! > > Now the la

Re: [Shorewall-users] RTP not working

2020-05-10 Thread Matt Darfeuille
On 5/10/2020 8:16 PM, Boris wrote: > Am 10.05.20 um 18:24 schrieb Matt Darfeuille: >> On 5/10/2020 12:29 AM, Boris wrote: >>> Hello Shorewall – List, >>> > > [snip] > >>> >>> That‘s it. Sorry for the description is quite rough. I will do

Re: [Shorewall-users] RTP not working

2020-05-10 Thread Matt Darfeuille
mails from 1und1. It connects, gets information about > how many new mails there are, but does not download them. smptp works fine. > > > That‘s it. Sorry for the description is quite rough. I will do a > documentation like it is proposed in the Problem Reporting Guidelines > with shor

Re: [Shorewall-users] Optional interface ppp0

2020-05-10 Thread Matt Darfeuille
ewall-interfaces.html -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.net/p/shorewall/mailman/message/36596609/ https://shorewall.org ___ Shorewall-users mailing list Shorewall-users@lists.

Re: [Shorewall-users] Help migrating to "new" actions

2020-05-03 Thread Matt Darfeuille
em to the new system? If so, you might need to do a 'shorewall update' on the new system. 1) https://shorewall.org/Actions.html#Default -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.net/p/shorewall/mailman/message/36596609/ h

Re: [Shorewall-users] wake-on-lan forwarding magic packet

2020-04-06 Thread Matt Darfeuille
from loc1 to loc2 for UDP port 9 does not seem to work. Does it work if you 'clear' Shorewall? -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.net/p/shorewall/mailman/message/36596609/ shorewall.org ___ Shore

Re: [Shorewall-users] unknown traffic

2020-03-23 Thread Matt Darfeuille
tcp ports? The user has no idea what this UDP connection is for, and I haven't found any program using this port (58129 is supposed to be in the dynamic range). What dynamic range and are you sure of this? -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.net/p

Re: [Shorewall-users] Is it necessary to restart the firewall when updating ipset.

2020-03-21 Thread Matt Darfeuille
my question. Have a look at (1). 1) https://shorewall.org/ipsets.html -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.net/p/shorewall/mailman/message/36596609/ shorewall.org ___ Shorewall-users mailing

Re: [Shorewall-users] Using GeoIP to filter out incoming connections on the openvpn gateway.

2020-03-18 Thread Matt Darfeuille
by the Shorewall Firewall. It would be good if you could try it and if it works for you and report back if you have issue(s). Could you, Dear Tom, respond to this? Note that Tom is retired from the Shorewall project. -- Matt Darfeuille Shorewall Project Committee, one of four core

Re: [Shorewall-users] Shorewall cuts all connections on start

2020-02-15 Thread Matt Darfeuille
, > In order to be able to help you, we will need a dump file collected as described at (1). 1) https://shorewall.org/support.htm#Guidelines -Matt -- Matt Darfeuille ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] do not load some kernel modules

2020-02-11 Thread Matt Darfeuille
On 2/11/2020 3:48 PM, Matt Darfeuille wrote: > On 2/11/2020 3:35 PM, Vieri Di Paola wrote: >> Hi, >> >> I've blacklisted some kernel modules so they are not autoloaded at >> boot time (/etc/modprobe.d). >> >> I've also blacklisted them in Shorewall

Re: [Shorewall-users] do not load some kernel modules

2020-02-11 Thread Matt Darfeuille
by Shorewall? > If the other modules are not loaded and 'AUTOHELPERS' is set to 'No', are you sure that Shorewall is the culprit? -Matt -- Matt Darfeuille

Re: [Shorewall-users] Problems Starting Shorewall 5.2.3.5

2020-02-08 Thread Matt Darfeuille
all::Compiler::compiler("script", "/tmp/state/.start", > "directory", "", "verbosity", 1, "timestamp", 0, ...) called at > /usr/lib/shorewal > eval() called 0 times > > > Any suggestions would be great. > I'm n

Re: [Shorewall-users] Error: ipv4: FIB table does not exist.

2020-01-29 Thread Matt Darfeuille
ipv4: FIB table does not exist. > Dump terminated > > Also: > # ip route show table default > Error: ipv4: FIB table does not exist. > Dump terminated > > I have iproute2-5.2.0. > Have a look at (1). HTH. 1) https://www.spinics.n

Re: [Shorewall-users] Sequencing interface configuration and shorewall under systemd.

2020-01-20 Thread Matt Darfeuille
he 'wait' option in '/etc/shorewall/interfaces' is worth a try. 1) https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ -Matt -- Matt Darfeuille

Re: [Shorewall-users] bridged firewall - connections initiated from privileged zone not established

2020-01-02 Thread Matt Darfeuille
works. > >> Regards & Happy Holidays > > In shorewall.conf, what is the RELATED_DISPOSITION setting? And > do you > have entries in the RELATED section of the rules file? > It looks like you didn't answer Tom's question (bottom of this e-mail); in general, a rule in the rules file needs to be used to open a port (SSH in this case). For connection issues we will need a dump file collected as described at (1). 1) https://shorewall.org/support.htm#Guidelines -Matt -- Matt Darfeuille

Re: [Shorewall-users] Is this a DOS attack?

2020-01-01 Thread Matt Darfeuille
5500) >From 222.107.7.34 - 19 packets to udp(37970) > > I have two questions: > > 1. What's going on here and should I be worried? > > 2. Why is shorewall correctly blocking these packets but my BT Homehub is > not? The Homehub firewall is enabled and set to drop all
