Re: [Shorewall-users] ProFtpd Shorewall DROP net-fw TLS connection from client ftp

2017-08-09 Thread Davide Marchi
[..] To handle a protocol like FTP, Netfilter must inspect each packet of the control connection in order to be able to automatically open data connections. When the control connection is encrypted, it can't do that and hence data connections are rejected. To work around this, you will need

[Shorewall-users] shorewall reload / restart

2017-08-09 Thread Vieri Di Paola via Shorewall-users
Hi, I read the shorewall man page regarding the "reload" and "restart" commands. From a practical point of view and with default shorewall.conf settings in 5.1, if I change/add/delete entries in the "rules" file, and issue the "reload" command then I should expect the following: - existing

[Shorewall-users] ProFtpd Shorewall DROP net-fw TLS connection from client ftp

2017-08-09 Thread Davide Marchi
Hi friends, On Debian Jessie, I've configured ProFtpd to connect by tls (SSLv3 TLSv1 -> Letsencrypt certificate) on port but with Shorewall up, it DROPs the connection: Aug 8 18:50:10 server kernel: [16438563.572121] Shorewall:net-fw:DROP:IN=eth0 OUT=

Re: [Shorewall-users] traffic issues through firewall router

2017-08-09 Thread Vieri Di Paola via Shorewall-users
I can see the light at the end of the tunnel, but I'm not quite there yet. A reminder of my current network: Internet providers --- gw1 --- fw2 --- lan, dmz, caib, ibs I replaced the old fw1 with the new fw2 this morning, and everything seemed to work until I found that some lan hosts could

[Shorewall-users] Shorewall 5.1.6 Beta 2

2017-08-09 Thread Tom Eastep
Shorewall 5.1.6 Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) http://www.shorewall.net/shorewall_extension_scripts.htm states that $SHAREDIR and $CONFDIR can be used in extension scripts, that has not been true for some time. Beginning with this release, those

Re: [Shorewall-users] shorewall reload / restart

2017-08-09 Thread Tom Eastep
On 08/09/2017 12:56 AM, Vieri Di Paola via Shorewall-users wrote: > Hi, > > I read the shorewall man page regarding the "reload" and "restart" commands. > From a practical point of view and with default shorewall.conf settings in > 5.1, if I change/add/delete entries in the "rules" file, and

Re: [Shorewall-users] ProFtpd Shorewall DROP net-fw TLS connection from client ftp

2017-08-09 Thread Tom Eastep
On 08/09/2017 01:28 AM, Davide Marchi wrote: > Hi friends, > > On Debian Jessie, > I've configured ProFtpd to connect by tls (SSLv3 TLSv1 -> Letsencrypt > certificate) on port but with Shorewall up, it DROPs the connection: > > > Aug 8 18:50:10 server kernel: [16438563.572121] >

Re: [Shorewall-users] Documentation error?

2017-08-09 Thread Vieri Di Paola via Shorewall-users
From: Philip Le Riche > > I presume "Corresponding..." down to the end of the quote is an unintentional > duplicate. It is.

Re: [Shorewall-users] Documentation error?

2017-08-09 Thread Tom Eastep
On 08/09/2017 03:03 PM, Philip Le Riche wrote: > Trying to set up a transparent proxy I'm slightly confused by the > following towards the end of > http://shorewall.net/Shorewall_Squid_Usage.html : > > |/etc/shorewall/mangle| (assume loc interface is eth1 and net interface > is eth0): > >

[Shorewall-users] Documentation error?

2017-08-09 Thread Philip Le Riche
Trying to set up a transparent proxy I'm slightly confused by the following towards the end of http://shorewall.net/Shorewall_Squid_Usage.html : |/etc/shorewall/mangle| (assume loc interface is eth1 and net interface is eth0): #ACTION SOURCE DEST PROTO DPORT SPORT

Re: [Shorewall-users] DOCKER issue

2017-08-09 Thread Tom Eastep
On 08/08/2017 08:42 PM, Roland Schmid wrote: > Hi Tom, > > Thanks for the response, sadly didn't work. > Please find the 2 requested shorewall dumps attached > Docker isn't installing any meaningful rules. From the first dump: In the filter table, both the DOCKER and DOCKER-ISOLATION chains