Re: [Shorewall-users] Problems accessing host from docker container running on host

2025-03-25 Thread Matt Darfeuille
eturn path. If you do a `shorewall clear`, does it work at all? Note that the project is unmaintained. -- Matt Darfeuille Unmaintained project, no more releases or bug fixes Community: https://sourceforge.net/p/shorewall/mailman/message/371

[Shorewall-users] Fwd: Next steps without project maintainer

2025-02-10 Thread Matt Darfeuille
ed it if I were still supporting the code). The best workaround is to resolve these DNS names in the params file and assign the result to a shell variable; then expand the shell variable where you need to use the address(es). -- Matt Darfeuille Unmaintained Shorewall. Community:

Re: [Shorewall-users] shorewall maintainance?

2025-02-05 Thread Matt Darfeuille
r embedded platforms. Monkeypatching.. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ Unmaintained Shorewall, new maintainer welcome. Homepage: https://shorewall.org ___ Shorewall-users mailing list Shorewall-users@l

Re: [Shorewall-users] shorewall maintainance?

2025-02-03 Thread Matt Darfeuille
ple. Or this new kid on the block: https://sourceforge.net/p/shorewall/mailman/message/37839495/ -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://sho

Re: [Shorewall-users] Initial setup and configuration

2024-12-06 Thread Matt Darfeuille
into "/etc/shorewall/" and "/etc/shorewall6" and set "STARTUP_ENABLED=Yes" in shorewall.conf and shorewall6.conf. Then added the specific rules for ports to allow incoming connections. You really need to move away from Shorewall and Iptables. -- Matt Darfeuil

Re: [Shorewall-users] Simple SOHO setup help

2024-09-27 Thread Matt Darfeuille
capabilities, I strongly suggest you to look at Nftables front-end alternatives like: Foomuuri, UFW, Firewalld. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org

Re: [Shorewall-users] transformation from IP table to shorewall

2024-02-27 Thread Matt Darfeuille
On 2/27/24 09:44, Simon wrote: Matt Darfeuille wrote: Looking at your script, I have a feeling it’s built from fragments you’ve found on the net - either that or you already know > iptables well. Either way, it’s looks like a fairly simple setup and you should find all you need in the d

Re: [Shorewall-users] transformation from IP table to shorewall

2024-02-25 Thread Matt Darfeuille
On 2/24/24 14:42, Hosney Bin Osman wrote: hi all kindly i need your support to made transformation from IP table to shorewall please find IP tables script attached We do not offer that kind of support. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message

Re: [Shorewall-users] shorewall with rocky 9

2024-02-13 Thread Matt Darfeuille
masquerade dont work with rocky9? I dont found any about that. Thx ___ What other info(s) can you provide? In other words, we have nothing to help you with. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049

Re: [Shorewall-users] Dynamic nets require Ipset Match in your kernel and iptables

2023-10-07 Thread Matt Darfeuille
nswer but have a look at [1]. [1] https://shorewall.org/configuration_file_basics.htm#capabilities -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/3

Re: [Shorewall-users] IP address change not surviving reboot

2023-08-15 Thread Matt Darfeuille
any of its own data. Anyway, a bit of insight from round here would be appreciated. To me, headless mode is the way to go (Webmin comes to mind). -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/m

Re: [Shorewall-users] Shorewall not starting

2023-07-29 Thread Matt Darfeuille
fore adding shorewall-init into the mix! [1] https://www.freedesktop.org/software/systemd/man/systemd-networkd-wait-online.service.html [2] https://shorewall.org/manpages/shorewall-interfaces.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https

Re: [Shorewall-users] ERROR: Invalid command: debug

2022-08-23 Thread Matt Darfeuille
debug" refer to? As far as I can tell, the doc does not talk about 'debug' [1]. [1] https://shorewall.org/manpages/shorewall-routes.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mail

Re: [Shorewall-users] NAT for VPN

2022-06-08 Thread Matt Darfeuille
have a source address of 10.70.66.10. I am running shorewall v 4.5.5.3 ___ You are running an unsupported version of Shorewall. Please see (1). 1) https://shorewall.org/netmap.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall

Re: [Shorewall-users] Google Classroom Video not making it through firewall

2022-03-30 Thread Matt Darfeuille
ok at those differences. - Looks like Google Classroom could be using the same UDP ports as 'Meet'. - Are you also seeing this on other devices? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/m

Re: [Shorewall-users] Google Classroom Video not making it through firewall

2022-03-30 Thread Matt Darfeuille
r computer number two (*15.0*) taken when the connection/issue was not working? - I might be wrong here, but are you allowing Google traffic through your firewall? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewa

Re: [Shorewall-users] Google Classroom Video not making it through firewall

2022-03-29 Thread Matt Darfeuille
s to isolate if this is a Shorewall issue. If you do 'shorewall clear' on PC number two, does it work properly? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepa

Re: [Shorewall-users] Simple traffic control error: Specified qdisc not found.

2022-03-19 Thread Matt Darfeuille
2 2 1 2 0 0 1 1 1 1 1 1 1 1" Failed Preparing iptables-restore input... Running /usr/sbin/iptables-restore --wait 60... Terminated *** Do you have 'kmod-sched' installed? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://so

Re: [Shorewall-users] Filtering on Ether type, not port

2022-03-02 Thread Matt Darfeuille
configured. 1) https://shorewall.org/shorewall_logging.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org __

Re: [Shorewall-users] Unable to connect to an HTTPS service

2022-02-28 Thread Matt Darfeuille
I'd like to determine if this is a communications issue (ie. Shorewall) or a client/server hosts problem. I'm not sure that this is the issue, but Teams requires lots of open ports to work. I had to open those for the Desktop edition. -- Matt Darfeuille Community: https://sourceforge.ne

Re: [Shorewall-users] shorewall and openvpn issue

2022-01-19 Thread Matt Darfeuille
al subnet. see attachements: shorewall configuration files and shorewall_dump What should I change in my settings? Does it work if Shorewall is 'cleared'? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/

Re: [Shorewall-users] Shorewall6 start error

2021-12-08 Thread Matt Darfeuille
Shorewall packet and the Shorewall-core pkg requiring that those three packages are on the same version (5.2.8 in this case). So my suggestion is to update those three packages to 5.2.8 and to do a 'shorewall update' and a 'shorewall6 update'. -- Matt Darfeuille Community: htt

Re: [Shorewall-users] Shorewall6 start error

2021-12-08 Thread Matt Darfeuille
32), passed through in regex; marked by <-- HERE in m/ ^(.*?) @({ <-- HERE )?(?:0|chain)(?(2)}) (.*)$ / at /usr/share/shorewall/Shorewall/Chains.pm line 5822. Can you confirm that this issue is still present with the latest stable release (5.2.8)? -- Matt Darfeuille Community: https://s

Re: [Shorewall-users] Shorewall 5.2.3.2 Events - Port Knocking

2021-12-07 Thread Matt Darfeuille
int to the documentation you are using. 1) https://shorewall.org/Events.html#IfEvent -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://sho

Re: [Shorewall-users] arptables-legacy

2021-12-01 Thread Matt Darfeuille
point out (1, 'ARPTABLES='). 1) https://shorewall.org/manpages/shorewall.conf.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: h

Re: [Shorewall-users] Shorewall and Docker - Port Forwarding

2021-10-27 Thread Matt Darfeuille
On 10/26/2021 3:19 PM, Philipp Berger wrote: On 24.10.2021 18:36, Matt Darfeuille wrote: On 10/20/2021 6:47 PM, Philipp Berger wrote: Dear all, I am trying to access SSH in a Docker container via a port forwarding from Docker, which works via IPv6 but not IPv4 (!). Setup: enp35s0, main

Re: [Shorewall-users] Using blacklist with 5.1.12.2

2021-10-27 Thread Matt Darfeuille
/ipsets.html -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org ___ Shorewall-users mailing list Shorewall-users

Re: [Shorewall-users] Shorewall and Docker - Port Forwarding

2021-10-24 Thread Matt Darfeuille
"DNAT net docker:172.17.0.4:22 tcp 9202", which also did not work. Try substituting '22' by '9202'. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/3

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-03 Thread Matt Darfeuille
to understand the Docker interfaces mechanism then you will be able to configure Shorewall. At this point, (1) is all I can do. 1) https://gist.github.com/lukasnellen/20761a20286f32efc396e207d986295d -- Matt Darfeuille Community: https://sourceforge.net/p/shorew

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-02 Thread Matt Darfeuille
> >> Please send an archive of the Shorewall directory by using the below cmd: > >> cd /etc >> $ tar -cf shorewall.tar.bz2 shorewall > see attached file > This assumes that the content of '/etc/shorewall' was not modified. Please try this $ tail -n 7 in

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-02 Thread Matt Darfeuille
ps://127.0.0.1:8443 What do you see in the log? Please send an archive of the Shorewall directory by using the below cmd: cd /etc $ tar -cf shorewall.tar.bz2 shorewall -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/sho

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-01 Thread Matt Darfeuille
On 9/1/2021 3:12 PM, Matt Darfeuille wrote: > On 9/1/2021 11:40 AM, Matt Darfeuille wrote: >> On 9/1/2021 10:55 AM, Franz Holzinger wrote: >>>>> I have this policy file: >>>>> fw net ACCEPT >>>>> fw dock ACCEPT >>>>&

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-01 Thread Matt Darfeuille
On 9/1/2021 11:40 AM, Matt Darfeuille wrote: > On 9/1/2021 10:55 AM, Franz Holzinger wrote: >>>> I have this policy file: >>>> fw net ACCEPT >>>> fw dock ACCEPT >>>> dock all ACCEPT >>>> net all DROP info >>>> all all RE

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-09-01 Thread Matt Darfeuille
. Are the containers on a bridge? It looks like the interfaces are not properly defined in the zones. You said that you used 'docker0' in your interfaces file. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourcefor

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-08-31 Thread Matt Darfeuille
t; > - What distro are you using? > Mageia 7 Linux > Okay, Shorewall looks to be preinstalled with the distro and I'm not sure of the interactions between the GUI and Shorewall -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-08-31 Thread Matt Darfeuille
What distro are you using? Note that support for Docker in Shorewall is to be removed eventually. For now the preferred way is to disable firewall support in Docker and the counterpart facility in Shorewall and to let Shorewall interact with iptables. -- Matt Darfeuille Community: ht

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-08-30 Thread Matt Darfeuille
FORMAT2) /etc/shorewall/interfaces (line 10) > > The error message disappears if I change this line 13 > dockdocker0 bridge #Allow ICC (bridge implies routeback=1) > > into > > dockdocker0 > > > The url https://umgebung1.ddev.site:8443/typo3/ s

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-08-28 Thread Matt Darfeuille
See (1). > Is it recommended to switch into FORMAT 2? > Format 1 indicates that you are most likely running an unsupported release of Shorewall. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/

Re: [Shorewall-users] Shorewalll blocks Docker url

2021-08-28 Thread Matt Darfeuille
/compiler.pl line 137 > eval() called 0 times > > > > > This is the line I have added to the interfaces: > > dockdocker0 bridge #Allow ICC (bridge implies routeback=1) > > > What must I insert into the interfaces file in order it will work? > >

Re: [Shorewall-users] Shorewall is not blocking container traffic to internet

2021-08-09 Thread Matt Darfeuille
0 > logflags tcp -- 0.0.0.0/00.0.0.0/0 [goto] tcp > flags:0x06/0x06 > logflags tcp -- 0.0.0.0/00.0.0.0/0 [goto] tcp > flags:0x05/0x05 > logflags tcp -- 0.0.0.0/00.0.0.0/0 [goto] tcp > flags:0x03/0x

Re: [Shorewall-users] Shorewall randomly complaining chain is missing

2021-08-09 Thread Matt Darfeuille
> Preparing iptables-restore input... > Running /sbin/iptables-restore --wait 60... > Processing /etc/shorewall/started ... > done. > > Any idea? > couple of pointers: - Shorewall does not support nftables try reverting to iptables

Re: [Shorewall-users] Shorewall 5.1.6 not recognizing eth0 after ubuntu upgrade

2021-07-09 Thread Matt Darfeuille
TERFACE [BROADCAST] OPTIONS > Dirty eth0routeback #,routefilter=1 > > Not sure what other config is relevant but let me know... And this when I > am supposed to be on holiday... ;} > TLDR. Is SW started after systemd-ne

[Shorewall-users] Abandoning Freenode

2021-06-03 Thread Matt Darfeuille
Shorewall Community, Following the Freenode hostile takeover, the Shorewall Project Committee has decided to move to Libera.Chat. Starting now, support will no longer be offered on Freenode. You can find us on Libera.Chat at '#shorewall'. -- Matt Darfeuille Community: https://sourc

Re: [Shorewall-users] NAT on same network

2021-05-20 Thread Matt Darfeuille
> lan:192.168.1.2:5000 -> lan:192.168.3:5000 > lan:192.168.1.2:5001 -> lan:192.168.3:5001 > lan:192.168.1.2:6690 -> lan:192.168.3:6690 > If you want to forward traffic from the loc zone to a server in the loc zone, please see (1). 1) https://shorewall.org/FAQ.htm#faq2 -- Ma

Re: [Shorewall-users] last missing Shorewall6 piece, ping6 from LAN to 'NET ?

2021-05-19 Thread Matt Darfeuille
On 5/19/2021 7:31 PM, tha...@letterboxes.org wrote: > Hello Matt, > > On Wed, May 19, 2021, at 1:17 PM, Matt Darfeuille wrote: >>> sysctl -a | grep ipv6 | grep "\.forwarding" >>> net.ipv6.conf.all.forwarding = 1 >>> net.ipv6.conf.default.forwardin

Re: [Shorewall-users] last missing Shorewall6 piece, ping6 from LAN to 'NET ?

2021-05-19 Thread Matt Darfeuille
net.ipv6.conf.all.forwarding = 1 > net.ipv6.conf.default.forwarding = 1 > net.ipv6.conf.enp2s0.forwarding = 1 > net.ipv6.conf.enp3s0.forwarding = 1 > net.ipv6.conf.lo.forwarding = 1 > Did you set it via Shorewall, if no, please ensure that IP_FORWARDING is set to keep/yes

Re: [Shorewall-users] need some help getting access to my Internet Modem from my LAN

2021-05-17 Thread Matt Darfeuille
can NOT > -- ping the "LINUX ROUTER" @ 192.168.1.25 > -- ping the "ATT MODEM" @ 192.168.1.254 > -- access the 'Web User Interface' on the "ATT MODEM" in a browser > > To get from the DESKTOP to the ATTMODEM I _think_ I ne

Re: [Shorewall-users] Packages get dropped in FORWARD chain for some connections

2021-05-02 Thread Matt Darfeuille
> SNAT(detect) 10.0.0.0/8 eth0 > > /etc/shorewall/conntrack: > ?FORMAT 3 > CT:notrack:PO - 127.0.0.0/8 > > shorewall.conf: > ACCOUNTING=No > IP_FORWARDING=Yes > MACLIST_DISPOSITION=DROP > MACLIST_TTL= > ROUTE_FILTER=No > STARTUP_ENABLED=Yes > VERBOSITY=1 &g

Re: [Shorewall-users] Why "Shorewall show bl" doesn't give the same result depends of shorewall version ?

2021-05-02 Thread Matt Darfeuille
$g_tool -L $g_ipt_options | \ awk 'BEGIN {prnt=0; }; /^$/ {if (prnt == 1) print ""; prnt=0; }; Is blacklisting properly enabled (1) (2)? If you migrated from 4.* to 5.*, did you do a 'shorewall update'? In anyc

Re: [Shorewall-users] Routing SSH through VPN

2021-02-14 Thread Matt Darfeuille
st need a dump collected as described at (1 point 3, point 'g' in particular). If you could resend it through this list, others might be able to help you. 1) https://shorewall.org/support.htm#Guidelines -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall

Re: [Shorewall-users] Routing SSH through VPN

2021-02-07 Thread Matt Darfeuille
). If it still does not work, we will need a dump collected as described at(3). Note that I can not guarantee when/if the dump will be looked at or if I will be able to help you. 1) https://shorewall.org/troubleshoot.htm#Connections 2) https://shorewall.org/FAQ.htm 3) https://shorewall.or

Re: [Shorewall-users] ipsec rules and routing

2021-01-28 Thread Matt Darfeuille
e server is br0 and the internal network 2 > is on eth1:2. Is it necessary to add the eth1:2 interface (or just > eth1) to the hosts file for the VPN? > See (2). 1) https://shorewall.org/troubleshoot.htm 2) https://shorewall.org/Shorewall_and_Aliased_Interfaces.html -- Matt Da

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-27 Thread Matt Darfeuille
' in 'shorewall.conf'. - Making clear that the values shown by iptaccount are computed on the fly and are not saved at all. - Using nfacct to interact with iptables's extended accounting (1) and that nfacct allows to save those values. 1) https://shorewall.org/Accounting.html#nfacc

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-25 Thread Matt Darfeuille
ed by a 'start'. For compatibility reasons, Shorewall allows to change this back by changing the value of the 'RESTART' variable to 'reload' in 'shorewall.conf'. As far as my understanding of the code goes, the -C

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-22 Thread Matt Darfeuille
On 1/21/2021 5:04 PM, Matt Darfeuille wrote: > On 1/20/2021 8:53 PM, Matt Darfeuille wrote: >> On 1/20/2021 5:21 PM, Matthew Collins wrote: >>> Gotcha. >>> >>> I'll have another go at working my way around the code. >>> >>> Do y

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-21 Thread Matt Darfeuille
On 1/20/2021 8:53 PM, Matt Darfeuille wrote: > On 1/20/2021 5:21 PM, Matthew Collins wrote: >> Gotcha. >> >> I'll have another go at working my way around the code. >> >> Do you want this reported on gitlab? (and if I fudge together a >> reasonable fix,

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-20 Thread Matt Darfeuille
'-c' in the context of the compiled firewall script. Thanks Matt and let us know how it goes. 1) https://sourceforge.net/p/shorewall/mailman/shorewall-users/thread/CALpsz32rWjvox1DLS99gS%3DveW%3DiSsJu0jqetKx0QghFcwHewDw%40mail.gmail.com/#msg37200686 -- Matt Darfeuille Community: https://s

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-20 Thread Matt Darfeuille
ctive departure from the project as of this new year, I have no idea when this will be dealt with. -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org _

Re: [Shorewall-users] Accounting - counters reset by restart

2021-01-19 Thread Matt Darfeuille
tore line (but there is after a > 'shorewall reload') and the counters are reset. I'm sure I've missed > something obvious... > Good evening, name twin! :) Have a look at (1). In particular, 'automake' is required for 'reload -C' to work properly.

Re: [Shorewall-users] Problem with google meet and audio calls

2021-01-13 Thread Matt Darfeuille
't hear anything. >> >> Any ideas of what can it be done? >> >> All the best and merry christmas! >> Diego Quintana >> > Are you sure that SW is the issue, that is, does it work properly if Shorewall is 'cleared' ('shorewall clear',

Re: [Shorewall-users] Happy Christmas

2020-12-22 Thread Matt Darfeuille
See SPC's URL in below signature 2) See community's URL in below signature -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org ___

Re: [Shorewall-users] HTTPS ACK dropped

2020-12-19 Thread Matt Darfeuille
; Likewise, the most recent post deals with "ACK PSH FIN" messages. It looks like you have quite a setup there, that would be lovely if you could explain the use of Shorewall in your environment. This could avoid others from falling in the same pitfalls! :) -- Matt Darfeuille Co

Re: [Shorewall-users] ipv4 spoofing

2020-12-10 Thread Matt Darfeuille
e-port WINDOW=0 RES=0x00 RST URGP=0 > > what am i missing in shorewall to stop it ? > Maybe the below URLs could be of interest to you: - https://shorewall.org/blacklisting_support.htm - https://shorewall.org/Events.html - https://shorewall.org/ConnectionRate.html -- Matt Darf

Re: [Shorewall-users] Re (n): (1)"shorewall status" and (2)$FW.

2020-11-30 Thread Matt Darfeuille
's answer, it is easier to use Gitlab to get files from a specific release. Please use (1) instead of the above link as it matches your release! :) 1) https://gitlab.com/shorewall/code/-/tree/5.2.3.2/Shorewall/Samples/one-interface -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall

Re: [Shorewall-users] Re (2): (1)"shorewall status" and (2)$FW.

2020-11-29 Thread Matt Darfeuille
ysical' is used: /etc/shorewall/params: NET_IF=eth0 NET_OPTS=dhcp /etc/shorewall/interfaces: net $NET_IF $NET_OPTS or: /etc/shorewall/interfaces net NET_IF physical=eth0,dhcp In the former case '$NET_IF' is to be used in the config files whereas in the latter case 'NET_IF

Re: [Shorewall-users] shorewall restart / compile.pl speed...

2020-11-16 Thread Matt Darfeuille
On 11/16/2020 2:09 PM, Matt Darfeuille wrote: > On 11/16/2020 12:03 PM, Marko Horn via Shorewall-users wrote: >> >> hello list, >> i use shorewall with large blrules that got updated once a day. >> on 'shorewall restart' it take ages that optimizing rulese

Re: [Shorewall-users] shorewall restart / compile.pl speed...

2020-11-16 Thread Matt Darfeuille
t;1" core on the system. > > is it possible to make compile.pl use every core from cpu? > Would you by any chance be able/willing to submit patches reflecting this on the devel list? -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: ht

Re: [Shorewall-users] filtering on lxd bridge

2020-11-16 Thread Matt Darfeuille
it workin in Shorewall, it's simple setup :( > If anyone have any suggestion on how to troubleshoot further, or how to > fix it, I would very appreciate any such help. > Are you using lxd firewall capabilities (1)?: - If yes, This is unlikely to work as Shorewall will probably modify

Re: [Shorewall-users] IPv4 or IPv6

2020-11-01 Thread Matt Darfeuille
may symlink rules file, tcrules and others. Overall, IPv6 traffic rules > are very similar to IPv4 from a firewall point of view. Besides of > course "the odd" IPv6 addressing :-) > > See also (1). 1) https://shorewall.org/SharedConfig.html -- Matt Darfeuille Commu

Re: [Shorewall-users] Home user shorewall configuration

2020-10-29 Thread Matt Darfeuille
es. This is to provide users to have a working configuration to start with. 1) https://gitlab.com/shorewall/code/-/tree/5.2.8-base/Shorewall/Samples/two-interfaces -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://

Re: [Shorewall-users] Problem routing traffic from my lan to a machine behind ipsec.

2020-10-10 Thread Matt Darfeuille
shorewall_dump.txt file, however the dump did > terminate with > > grep: /proc/net/nf_conntrack: No such file or directory > Error: ipv4: FIB table does not exist. > Dump terminated > > so I'm not sure if its complete or not. > Did you update your configuration

[Shorewall-users] Fwd: Shorewall reload doesn't reload?

2020-10-07 Thread Matt Darfeuille
shorewall-users@lists.sourceforge.net -- Matt Darfeuille Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org >From eb2ca7995543dd7734e342ef64a3153ba7bb3a9a Mon Sep 17 00:00

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-07 Thread Matt Darfeuille
On 10/7/2020 4:48 PM, Matt Darfeuille wrote: > On 10/7/2020 4:27 PM, Simon Matter wrote: >>>> On 10/6/20 8:50 AM, Matt Darfeuille wrote: >>>>> On 10/6/2020 5:11 PM, Tom Eastep wrote: >>>>>> On 10/6/20 7:33 AM, Simon Matter wrote: >>>>

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-07 Thread Matt Darfeuille
On 10/7/2020 4:27 PM, Simon Matter wrote: >>> On 10/6/20 8:50 AM, Matt Darfeuille wrote: >>>> On 10/6/2020 5:11 PM, Tom Eastep wrote: >>>>> On 10/6/20 7:33 AM, Simon Matter wrote: >>>>>>> On Tue, Oct 06, 2020 at 03:59:06PM +0200, Simon M

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-06 Thread Matt Darfeuille
iced the same behavior? > I just installed SW 5.2.8 (core, shorewall, init) followed by 'shorewall update' and 'shorewall reload'. The below is after multiple 'shorewall update followed by reload'. /var/lib/shorewall# ls -l firewall && shorewall reload &

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-06 Thread Matt Darfeuille
On 10/6/2020 5:22 PM, Tom Eastep wrote: > On 10/6/20 6:59 AM, Simon Matter wrote: >>> On 10/4/20 10:18 AM, Matt Darfeuille wrote: >>>> On 10/4/2020 6:58 PM, Simon Matter wrote: >>>>> Hi, >>>>> >>>>> I've just updated Shore

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-06 Thread Matt Darfeuille
On 10/6/2020 3:59 PM, Simon Matter wrote: >> On 10/4/20 10:18 AM, Matt Darfeuille wrote: >>> On 10/4/2020 6:58 PM, Simon Matter wrote: >>>> Hi, >>>> >>>> I've just updated Shorewall from 5.2.7 to 5.2.8 and did a reload just >>>>

Re: [Shorewall-users] Tarpit Documentation

2020-10-05 Thread Matt Darfeuille
tcp smtp" > > When I run shorewall check, it gives me the following error: > > "ERROR: TARPIT requires TARPIT Target in your kernel and iptables > /etc/shorewall/rules (line 40)” > > You at least need the xtables-addons (xtables-addons-dkms on

Re: [Shorewall-users] Shorewall reload doesn't reload?

2020-10-04 Thread Matt Darfeuille
oo tired (lack of coffee) or was there a change I'm missing? > I'm confused. > Compilation will only happen when '/etc/shorewall' is modified. So if I'm not mistaken, updating the firewall will not trigger a recompilation. -- Matt Darfeuille Community:

Re: [Shorewall-users] Please assist with configuration to transparent tunnel from public access on one server, over a vpn, to service on an internal server

2020-09-30 Thread Matt Darfeuille
ng TO the internet ? > All that we have is at shorewall.org (for DNAT, the rules file is what you need to look into). Please see (1) if you need more help. In other words, we need a 'dump' of the issue, if you want our help. 1) https://shorewall.org/support.htm#Guidelines -- Matt Darf

Re: [Shorewall-users] GeoIP matching directory

2020-08-15 Thread Matt Darfeuille
shorewall/rules: > Ping(ACCEPT) dirty:^[CA,US] $FW > and run shorewall check I get ERROR: GEOIPDIR (/usr/share/xt_geoip/LE) does > not exist /usr/share/shorewall/macro.Ping (line 9) > And indeed, there are no subdirectories LE and BE as there were before. > Try to remove '

Re: [Shorewall-users] Shorewall Disobeying rules?

2020-08-05 Thread Matt Darfeuille
OUT= > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=45508 DF PROTO=UDP SPT=38172 DPT=53 LEN=52 > [Tue Jan 30 17:39:49 2018] local-fw REJECT IN=eth1 OUT= > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.2

Re: [Shorewall-users] Shorewall + Docker = no firewall

2020-08-04 Thread Matt Darfeuille
FILTER_INPUT_CHAIN=INPUT > FILTER_OUTPUT_CHAIN=OUTPUT > FILTER_FORWARD_CHAIN=FORWARD > > And then I could modify the FILTER_FORWARD_CHAIN to be DOCKER-USER - > though the all/all policy rules would have to not go in the > FILTER_FORWARD_CHAIN, or the docker rules would never be

Re: [Shorewall-users] nf_ct_snmp: dropping packet: parser failed

2020-07-28 Thread Matt Darfeuille
On 7/28/2020 8:56 PM, Walter Hofstädtler wrote: > Bill, > > I hoped that the Shorewall restart would clear the tables. > Did you change the back end before restarting SW? What is the value of 'RESTART=' in shorewall.conf? -- Matt Darfeuille Shorewall Project Commi

Re: [Shorewall-users] nf_ct_snmp: dropping packet: parser failed

2020-07-28 Thread Matt Darfeuille
or type selection number: 1 update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in manual mode -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.net/p/shorewall/mailman/message/3659

Re: [Shorewall-users] Building in a failsafe

2020-06-06 Thread Matt Darfeuille
MINDED > https://shorewall.org/manpages/shorewall.conf.html > https://shorewall.org/manpages/shorewall-stoppedrules.html > In addition to the above, the Shorewall try (1) command might be worth a look. You could also first try your changes in a VM. 1) https://shorewall.org/manpages/shore

Re: [Shorewall-users] one rule for multiple source zones that match with a wildcard

2020-05-25 Thread Matt Darfeuille
CEPT $VPN_ZONES $FW:@$INT_DNS tcp,udp 53 Have you seen 'Example 9:' at (1). We gladly accept patches if you think that could be beneficial to Shorewall. 1) https://shorewall.org/manpages/shorewall-rules.html -- Matt Darfeuille Shorewall Project Committee, one of four core members htt

Re: [Shorewall-users] implement rules with NEW and ESTABLISHED

2020-05-16 Thread Matt Darfeuille
On 5/16/2020 7:53 PM, merlinverde...@infomed.sld.cu wrote: > Would this rule ensure that only port 80 can be used with tcp? > > ACCEPT all $FW tcp www > All inbound connections to the firewall on port(80) http will be accepted from anywhere. -- Matt Darfeuille Shorewall Proje

Re: [Shorewall-users] Only a desktop computer

2020-05-16 Thread Matt Darfeuille
, that is, block ('drop') inbound/outbound internet access from and to your desktop. > > Supposedly I thought that this way I could not have any kind of internet > connection, but I still maintain the connection, ¿Why happend this?. Of > course I do this to test. > see

Re: [Shorewall-users] SUCCESS!! Re: RTP not working

2020-05-12 Thread Matt Darfeuille
323 there >> >> Yes and one suggestion in FAQ77 suggests the same. >> > > Wow, what a success! Thank you so very much! That was the key! > I wrote the two sip-helpers in DONT_LOAD in shorewall.conf and the > phonecall work just perfect! > > Now the la

Re: [Shorewall-users] RTP not working

2020-05-10 Thread Matt Darfeuille
On 5/10/2020 8:16 PM, Boris wrote: > Am 10.05.20 um 18:24 schrieb Matt Darfeuille: >> On 5/10/2020 12:29 AM, Boris wrote: >>> Hello Shorewall – List, >>> > > [snip] > >>> >>> That‘s it. Sorry for the description is quite rough. I will do

Re: [Shorewall-users] RTP not working

2020-05-10 Thread Matt Darfeuille
ses to pull mails from 1und1. It connects, gets information about > how many new mails there are, but does not download them. smptp works fine. > > > That‘s it. Sorry for the description is quite rough. I will do a > documentation like it is proposed in the Problem Reporting Guidelines

Re: [Shorewall-users] Optional interface ppp0

2020-05-10 Thread Matt Darfeuille
ll.org/manpages/shorewall-interfaces.html -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.net/p/shorewall/mailman/message/36596609/ https://shorewall.org ___ Shorewall-users mailing list Sh

Re: [Shorewall-users] Help migrating to "new" actions

2020-05-03 Thread Matt Darfeuille
ur files from the old system to the new system? If so, you might need to do a 'shorewall update' on the new system. 1) https://shorewall.org/Actions.html#Default -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.net

Re: [Shorewall-users] wake-on-lan forwarding magic packet

2020-04-06 Thread Matt Darfeuille
le from loc1 to loc2 for UDP port 9 does not seem to work. Does it work if you 'clear' Shorewall? -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.net/p/shorewall/mailman/message/36596609/ shorewall.org __

Re: [Shorewall-users] unknown traffic

2020-03-23 Thread Matt Darfeuille
ts? The user has no idea what this UDP connection is for, and I haven't found any program using this port (58129 is supposed to be in the dynamic range). What dynamic range and are you sure of this? -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.

Re: [Shorewall-users] Is it necessary to restart the firewall when updating ipset.

2020-03-21 Thread Matt Darfeuille
et, hence my question. Have a look at (1). 1) https://shorewall.org/ipsets.html -- Matt Darfeuille Shorewall Project Committee, one of four core members https://sourceforge.net/p/shorewall/mailman/message/36596609/ shorewall.org ___ Shorewall-use

Re: [Shorewall-users] Using GeoIP to filter out incoming connections on the openvpn gateway.

2020-03-18 Thread Matt Darfeuille
epted by the Shorewall Firewall. It would be good if you could try it and if it works for you and report back if you have issue(s). Could you, Dear Tom, respond to this? Note that Tom is retired from the Shorewall project. -- Matt Darfeuille Shorewall Project Committee, one of four

Re: [Shorewall-users] Shorewall cuts all connections on start

2020-02-15 Thread Matt Darfeuille
ery much, > In order to be able to help you, we will need a dump file collected as described at (1). 1) https://shorewall.org/support.htm#Guidelines -Matt -- Matt Darfeuille ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] do not load some kernel modules

2020-02-11 Thread Matt Darfeuille
On 2/11/2020 3:48 PM, Matt Darfeuille wrote: > On 2/11/2020 3:35 PM, Vieri Di Paola wrote: >> Hi, >> >> I've blacklisted some kernel modules so they are not autoloaded at >> boot time (/etc/modprobe.d). >> >> I've also blacklisted them in
