Re: [Shorewall-users] IPsec with 1:1 NAT

2025-05-19 Thread Tuomo Soini via Shorewall-users
On Mon, 19 May 2025 06:39:06 + Reinhard Vicinus via Shorewall-users wrote: > I am trying to get a 1:1 NAT configured prior to sending the > packages into an IPsec tunnel, but as far as I can tell the NAT is > never applied and the packages also never get into the tunnel. 1:1 nat and IPsec a

Re: [Shorewall-users] IPsec with 1:1 NAT

2025-05-19 Thread Tuomo Soini via Shorewall-users
On Mon, 19 May 2025 06:39:06 + Reinhard Vicinus via Shorewall-users > I am confused, why I do not see packages with source 10.191.2.229 > going out eth0.1903 in the tcpdump output and why the trace ends with > the nat:10.191.2.229:rule line. Has someone an idea what I am doing > wrong or how I

Re: [Shorewall-users] Look for deb package of ver 4.4.26.1

2025-02-21 Thread Tuomo Soini via Shorewall-users
On Fri, 21 Feb 2025 12:52:19 +0200 wrote: > Hi all. > > > > I am looking for a deb package of version 4.4.26.1. Do you know where > I could find and download one? Unfortunately no idea where to find that kind of history piece. > > Backstory: > > We have a very old prod firewall running thi

Re: [Shorewall-users] Shorewall maintenance

2025-02-12 Thread Tuomo Soini via Shorewall-users
On Tue, 11 Feb 2025 01:35:09 -0500 Winston Sorfleet wrote: > Good resource Wayne.  Can you (or Tuomi) comment on how mature > foomuuri is for multi-ISP?  Here is my usecase: Please, use foomuuri support channel for related questions. https://github.com/FoobarOy/foomuuri/discussions -- Tuomo So

Re: [Shorewall-users] Shorewall maintenance

2025-02-10 Thread Tuomo Soini via Shorewall-users
On Thu, 6 Feb 2025 12:57:05 -0500 Phil Stracchino wrote: > On 2/6/25 10:28, Sam wrote: > > > > I think the bigger issue is that Shorewall is more of an iptables > > configuration tool. And iptables is now deprecated. > > Then what is needed is perhaps a project to update shorewall to emit > t

Re: [Shorewall-users] shorewall maintainance?

2025-02-03 Thread Tuomo Soini via Shorewall-users
On Mon, 03 Feb 2025 17:38:34 -0500 "Brian J. Murrell" wrote: > On Mon, 2025-02-03 at 23:06 +0200, Tuomo Soini via Shorewall-users > wrote: > > > > That way you unfortunately lose all dynamic firewall changes like > > dns > > resolving. > > Can

Re: [Shorewall-users] shorewall maintainance?

2025-02-03 Thread Tuomo Soini via Shorewall-users
On Mon, 03 Feb 2025 14:58:58 -0500 "Brian J. Murrell" wrote: > Does it have any kind of support similar to shorewall's remote-* > functionality for keeping the rulebase remotely from the enforcement > device? Having to run around logging into the devices you want to > perform enforcement on, edi

Re: [Shorewall-users] shorewall maintainance?

2025-02-03 Thread Tuomo Soini via Shorewall-users
On Mon, 03 Feb 2025 10:21:22 -0500 cov...@ccs.covici.com wrote: > If shorewall is no longer maintained, what do people recommend instead I'd suggest to check Foomuuri, https://github.com/FoobarOy/foomuuri Foomuuri is available on debian12 backports, fedora, epel, archlinux, and possibly other dis

Re: [Shorewall-users] Hostnames with hyphens

2025-02-02 Thread Tuomo Soini via Shorewall-users
On Sun, 2 Feb 2025 12:31:03 + Philip Pemberton via Shorewall-users wrote: > Hi, > > I've been trying to add a DNAT rule which refers to a server whose > hostname includes a hyphen: > > SMTP/DNAT net loc:int-mailserver > > Shorewall rejects this with an error in the macro

Re: [Shorewall-users] Shorewall with OpenVPN Hub and Spoke

2024-12-11 Thread Tuomo Soini via Shorewall-users
On Wed, 11 Dec 2024 15:03:35 + simonseys via Shorewall-users wrote: > Hi Tuomo, > > > You can change this behaviour by changing vpn-vpn policy in policy > > file. Default policy in shorewall is ACCEPT for inter-zone traffic. > > > > I assume you are referring to the policy file. If so, m

Re: [Shorewall-users] Shorewall with OpenVPN Hub and Spoke

2024-11-28 Thread Tuomo Soini via Shorewall-users
On Thu, 28 Nov 2024 06:47:47 + simonseys via Shorewall-users wrote: > So basically routeback is behaving like client-to-client would > allowing inter-client communication unfettered by Shorewall. Why is > routeback not having the desired effect of allowing me firewall > traffic that is arrivi