, Feb 28, 2024 at 09:31:16PM +0200, Tuomo Soini wrote:
> On Wed, 28 Feb 2024 19:45:55 +0100
> Peter Thurner | Blunix GmbH via Shorewall-users
> wrote:
>
> > I am aware of that, however sometimes there isn't really a much
> > better way than using dns names. that doesn
Well, that's nice. Didn't know that!
My case is a bit different but still VERY interesting post!
On Wed, Feb 28, 2024 at 07:36:16PM +0100, Benny Pedersen wrote:
> Peter Thurner | Blunix GmbH via Shorewall-users skrev den 2024-02-28 17:49:
> > Hello shorewall users,
> >
> > is
Wed, 28 Feb 2024 17:49:37 +0100
> Peter Thurner | Blunix GmbH via Shorewall-users
> wrote:
>
> > Hello shorewall users,
> >
> > is there a way to ignore failing rules in shorewall, specifically if
> > /etc/shorewall/rules contains something like
> >
> >
Hello shorewall users,
is there a way to ignore failing rules in shorewall, specifically if
/etc/shorewall/rules contains something like
ACCEPT local pub:this.domain.doesnt.exist.com tcp 443
?
with kind regards,
Peter Thurner
CEO Blunix GmbH
--
Blunix GmbH
Glogauer Straße 21
10999 Berlin
about opening port 80 to the FB? Won't that just allow
packets in from the Internet?
--
Regards,
Peter.
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
have a way to filter on
the Ether type?
--
Regards,
Peter.
is true but incomplete. Use of the
"physical=" option is not only relevant to multiple bridges. There is
no bridge here but "physical=wlxa0f3c10a28f7" can be used.
Regards,... Peter E.
--
Tel: +1 604 670 0140Bcc:
ng. ;-)
Thanks. The pages at shorewall.org suffice, more or less. I tripped on
the intended use of the params file, NET_IF and the "physical=" option.
The replies from Justin and Matt helped to clear the fog.
Regards, ... P.
--
Tel: +1 604 670 0140
n /etc/shorewall/params.
I remain puzzled that shorewall worked here for years without NET_IF
in params. The default route is available without
/etc/shorewall/params.
In any case, progress here.
Thanks for the help, ... P.
--
Tel: +1 604 670
T_IF = $IFACE
pre-down NET_IF = ''
Advice from someone familiar with the intended operation of a WiFi
'net connection would really help.
Thanks, ... P.
--
Tel: +1 604 670 0140 Bcc: peter at easthope. ca
From: Justin Pryzby
> I guess it should be while shorewall is running.
Sorry. Try now.
http://easthope.ca/shorewall.dump.txt
... P.
--
Tel: +1 604 670 0140Bcc: peter at easthope. ca
,... P.
--
Tel: +1 604 670 0140Bcc: peter at easthope. ca
config or preferably a shorewall dump?
Click here.
http://easthope.ca/shorewall.dump.txt
Regards, ... P.
--
Tel: +1 604 670 0140 Bcc: peter at easthope. ca
a
...
Non-authoritative answer:
Name: google.ca
Address: 172.217.3.195
Name: google.ca
Address: 2607:f8b0:400a:809::2003
Any suggestion about the failure of name resolution?
Thanks, ... Peter E.
--
Tel: +1 604 670 0140Bcc: peter at easthope. ca
rticle needs inline citations. Can someone familiar with IT
publications help? Unfortunately I don't know the subject well
enough.
TTFN, ... P.
--
Tel: +1 604 670 0140 Bcc: peter at eastho
rewall.org.
Is the inconsistency desirable? Any objection to a revision?
Thanks,... P.
--
Tel: +1 604 670 0140 Bcc: peter at easthope. ca
Thanks so much for answering!
Seems like I have to make another installation!
You're the best!
/peter
October 31, 2020 9:25 PM, "Roberto C. Sánchez" wrote:
> On Sat, Oct 31, 2020 at 07:56:27PM +, pe...@kahn.nu wrote:
>
>> I have noticed that there are 4 and i6 releas
I have noticed that there are 4 and i6 releases of the firewall. So... Do I
have to install both? Will shorewall protect against ipv4 attacks if I have
only installed shorewall 6 protection?
Or what?
Sorry for the stupid question. I couldn't easily find the answer from your
website.
/Peter
out --pol none" added.
I have now removed this zone, the mentioned iptables options will not be
added and the traffic flows.
Does anyone understand this behavior? Is this an unsupported combination?
Thanks,
Peter
On 10/28/20 5:54 PM, Peter Hurtenbach via Shorewall-users wrote:
Strongsw
:b4:f6:08:00 SRC=10.0.5.8
DST=10.17.14.6 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=22
DPT=39234 WINDOW=65160 RES=0x00 ACK SYN URGP=0
I also have tried the option routeback on the interface.
Can anyone help me with this behavior?
Thanks
complete or not.
Thanks so much in advance. A linux bloke with enough networking to be
dangerous.
Peter.
shorewall_dump.txt.gz
Description: application/gzip
/shorewall/wait4ifup exists here. Is it still
necessary? Does anyone have a clever way of sequencing
with systemd configurations?
Thanks, ... Peter E.
--
Tel.: +1 604 670 0140 Bcc: peter at easthope. ca
Hi,
you have to set up source NAT (masquerading) for the interface associated with
your net zone, otherwise the traffic will go out with the client's IP to the
gateway. You can simply validate that with a tcpdump on your net interface.
> Am 10.05.2018 um 22:07 schrieb David Ventura
simplify. Analogous to vector notation avoiding individual elements.
Thanks again, ... Peter E.
--
123456789 123456789 123456789 123456789 123456789 123456789 123456789
Tel: +1 360 639 0202 Pender Is.: +1 250 629 3757
http://easthope.ca/Peter.html B
l study further. Certainly tips are welcome.
Regards, ... Peter E.
--
123456789 123456789 123456789 123456789 123456789 123456789 123456789
Tel: +1 360 639 0202 Pender Is.: +1 250 629 3757
http://easthope.ca/Peter.html Bcc: peter
P.s. The question in 5 words: how is a port masqueraded?
Thanks, ... Peter E.
--
123456789 123456789 123456789 123456789 123456789 123456789 123456789
Tel: +1 360 639 0202 Pender Is.: +1 250 629 3757
http://easthope.ca/Peter.html
Shorewall wrote,
ERROR: Unknown Interface (954) /etc/shorewall/rules (line 9)
OK, yes, 954 is port. The idea is to take any ORIGDEST with port 954.
Conceptually, 0.0.0.0-255.255.255.255:954
or 0.0.0.0:954-255.255.255.255:954.
Possible? Ideas?
Thanks, ... Peter E
ct from the alias
port 954 to the HTTPS port 443. I haven't found an acceptable notation
for the interface, indicated by *. Is this possible?
Thanks,... Peter E.
--
123456789 123456789 123456789 123456789 123456789 123456789 123456789
Tel: +1 360 639 0202 Pende
, ... Peter E.
--
123456789 123456789 123456789 123456789 123456789 123456789 123456789
Tel: +1 360 639 0202 Pender Is.: +1 250 629 3757
http://easthope.ca/Peter.html Bcc: peter at easthope. ca
the
file command to detect that this file is ASCII text. No, it will consult mc.ext
where it takes the information that this file should be viewed with odt2txt.
This will not work. So a user might become a problem or at least gets a false
idea about the format of this file.
Peter
VARDIR is /var/lib/shorewall
LIBEXEC is /usr/libexec
Attached you find the output of:
/sbin/shorewall trace start 2 /tmp/trace
Thanks for any help in advance.
cheers
peter
--
Peter Mumenthaler
Linux System-Ingenieur
Puzzle ITC GmbH
www.puzzle.ch
Telefon +41 31 370 22 00
Direkt +41 31 370 22 34
/peter# shorewall start
...
Starting Shorewall
Initializing...
Setting up Route Filtering...
WARNING: Cannot set route filtering on MainBoard
Setting up Martian Logging...
WARNING: Cannot set Martian logging on MainBoard
Setting up Traffic Control...
Preparing iptables-restore input
is not being
sent to the machine on the local lan.
Anybody has an idea where to look or whatever other information do I need
to post to make more clear what is going wrong?
Thanks!
Peter
On 17/06/11 10:56 PM, David Watkins wrote:
Are my shorewall restarts causing the problem?
I wanted a static ip address but I wasn't able to get one for this user.
Can you use their MAC address?
It is a good suggestion but I thought about this for a while, did some
investigation and realised
server
assign a static ip address to their particular MAC address.
Ian.
It's not my server and for some reason their ISP does not want to give
out a static ip address.
I've been told that it may be because the country is very controlled. eg
they are not allowed to use skype.
Peter
of this.)
In 6 months time I may have to come up with another solution.
cheers
peter
Hello list,
Recently I have had one of my boxes attacked with a ddos attack. It was
all coming from 1 ip address so I made the rule:
DROP net:ip $FW ANY
This however did not help much for the load coming onto the box, as if it
wasn't working properly.
When
would be causing
this? Also, the compiler is set to shell, and the params file is exported in
shorewall.conf.
Kind Regards,
Peter Wrangell
. As they
say, if everything else fails, take a look at the source.
Kind Regards,
Peter
-Original Message-
From: Tom Eastep [mailto:teas...@shorewall.net]
Sent: Mon 12/14/2009 5:48 PM
To: Shorewall Users
Subject: Re: [Shorewall-users] params file not being parsed correctly
Peter
As I understand, the routes specified in /etc/openvpn/myvpn
do not exist when shorewall starts. What is the conventional
solution?
Thanks,... Peter E.
--
http://members.shaw.ca/peasthope/
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca
clients.
2. Can the effect of the dhcp option be described briefly in one or two
sentences? Eg.
This option specifies that DHCP datagrams be allowed to traverse the
interface.
Regards, ... Peter E.
--
http://members.shaw.ca/peasthope/
http://carnot.yi.org/ = http
.
Any insights, hints or tips will be appreciated,
Thanks, ... Peter E.
--
http://members.shaw.ca/peasthope/
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca/
at UBC is similar but has no such problems.
Regards, ... Peter E.
?
Peter
Tom Eastep wrote:
peter wrote:
Hello Tom,
thank you for your response and your patience :)
I have appended the output of the Shorewall dump.
I had to cut a chunk out of the middle of this file (most of the
conntrack table) since it was originally 13.5MB
Deluge is running on a client
no
performance but that is no doubt another issue. Why this did not work
the first time round is not something I will pretend to understand.
Many thanks for your help :)
Peter
Tom Eastep wrote:
peter wrote:
Thanks for the comments Tom.
I have changed the settings and I think
Ubuntu 7.10 server, 8.04 client.
I seem to have a problem opening ports. I know this since when I test
the opened ports with Deluge it tells me that the ports are closed.
The router is a Linksys AG241 v2 with firmware 2.01.03. This has an IP
of 192.168.1.1 and is connected to the server on
ZONE
openvpn:P Z11.2.3.4
?
By the way, Shorewall is certainly among the best documented
of open source software.
Thanks,... Peter E.
--
http://members.shaw.ca/peasthope/
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca
the routing?
Is routing a separate matter?
Thanks, ... Peter E.
--
http://members.shaw.ca/peasthope/
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca/
with a meaning that eludes me?
Thanks, ... Peter E.
--
http://members.shaw.ca/peasthope/
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca/
loc
I've made a small effort to find the answer in the documentation
and failed of course.
Thanks, ... Peter E.
--
http://members.shaw.ca/peasthope/
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca
using CiscoVPNclient
Peter:
We had to deal with this some weeks ago.
I think the only part you have missed is the NAT.
Cisco VPN requires the desktop has a valid IP.
So just create a NAT, and you'll be OK.
If you still have problems, don't hesitate to contact me and we can do
some test together
192.168.118.118 and 203.110.142.69. If I have
missed anything or you need further information please let me know.
Thank you in advance,
Peter
status.txt.gz
Description: status.txt.gz
fails when using Cisco VPN
client
Peter Wilson wrote:
I have Shorewall running as an office gateway performing NAT for local
clients to access Internet.
There is a policy allowing full access from loc - net.
Problem arises when trying to connect a Cisco VPN client to a VPN server
Hi,
Thank you shorewall developers, your scripts are runnable in embedded
Linux devices, saves me a lot of config time.
Really nice.
Have a nice day
greets
Thanks, the ethtool trick solved my problem. I did read about it on your web page, but somehow I was under the impression that this fix would only fix some UDP checksum problem, and did not bother to try it because I was able to ping, but not able to ssh/www. Sorry.
Regards, Peter
. (www,ssh towards other hosts from
10.0.0.3 does not work either, gw is 10.0.0.1) Very puzzled as to what is wrong here, thx for any help you may offer! Peter
status.txt.gz
Description: GNU Zip compressed data
trace.cap
Description: Binary data