[Shorewall-users] How can I...?

2018-07-28 Thread Lee Brown
Shorewall 5.1.10.2
I can preview the iptables that shorewall will generate with this
#shorewall check -r | less
I can preview the generated firewall script
#shorewall compile /tmp/sw
which requires (unreliable) human parsing.
Can I preview the rule and routes that will be generated more easily

Re: [Shorewall-users] locking processes left behind

2018-07-28 Thread Matt Darfeuille
On 7/28/2018 5:19 PM, Tom Eastep wrote: > On 07/28/2018 08:16 AM, Brian J. Murrell wrote: >> On Sat, 2018-07-28 at 08:03 -0700, Tom Eastep wrote: >>> diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common >>> index 205fc705f..bbebf0936 100644 >>> --- a/Shorewall-core/lib.common >>> +++

Re: [Shorewall-users] locking processes left behind

2018-07-28 Thread Tom Eastep
On 07/28/2018 08:16 AM, Brian J. Murrell wrote: > On Sat, 2018-07-28 at 08:03 -0700, Tom Eastep wrote: >> diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common >> index 205fc705f..bbebf0936 100644 >> --- a/Shorewall-core/lib.common >> +++ b/Shorewall-core/lib.common >> @@ -751,6

Re: [Shorewall-users] locking processes left behind

2018-07-28 Thread Brian J. Murrell
On Sat, 2018-07-28 at 08:03 -0700, Tom Eastep wrote: > diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common > index 205fc705f..bbebf0936 100644 > --- a/Shorewall-core/lib.common > +++ b/Shorewall-core/lib.common > @@ -751,6 +751,8 @@ mutex_on() >

Re: [Shorewall-users] locking processes left behind

2018-07-28 Thread Brian J. Murrell
On Sat, 2018-07-28 at 15:04 +0200, Matt Darfeuille wrote:
>
> Tom, with MUTEX_ON.patch applied, on LEDE '--pid' is not available or is
> it done on purpose?:
>
> root@LEDE:~# ps --pid
> ps: unrecognized option: pid
> BusyBox v1.25.1 () multi-call binary.
>
> Usage: ps
>
> Show list of

Re: [Shorewall-users] locking processes left behind

2018-07-28 Thread Tom Eastep
On 07/28/2018 06:04 AM, Matt Darfeuille wrote: > On 7/26/2018 8:41 PM, Tom Eastep wrote: >> On 07/26/2018 09:54 AM, Brian J. Murrell wrote: >>> On Thu, 2018-07-26 at 08:51 -0700, Tom Eastep wrote: Brian, >>> >>> Hi Tom, >>> Can you point me to online documentation that describes how

[Shorewall-users] blacklisting

2018-07-28 Thread Vieri Di Paola via Shorewall-users
Hi, I've been blacklisting hosts that try to access unpublished ports by simply adding the following to the very end of my rules file:
ADD(POL_BL:src):info:polbl,add2polbl    net1,net2,net3:!+POL_BL,+GLOBAL_WL     all    tcp,udp    -    !443,80,25
I'd rather not use the BLACKLIST policy and

Re: [Shorewall-users] locking processes left behind

2018-07-28 Thread Matt Darfeuille
On 7/26/2018 8:41 PM, Tom Eastep wrote: > On 07/26/2018 09:54 AM, Brian J. Murrell wrote: >> On Thu, 2018-07-26 at 08:51 -0700, Tom Eastep wrote: >>> >>> Brian, >> >> Hi Tom, >> >>> Can you point me to online documentation that describes how this >>> 'lock' >>> utility is supposed to work? >> >>