[..]
To handle a protocol like FTP, Netfilter must inspect each packet of
the
control connection in order to be able to automatically open data
connections. When the control connection is encrypted, it can't do
that
and hence data connections are rejected. To work around this, you
will
need
Hi,
I read the shorewall man page regarding the "reload" and "restart" commands.
From a practical point of view and with default shorewall.conf settings in 5.1,
if I change/add/delete entries in the "rules" file, and issue the "reload"
command then I should expect the following:
- existing
Hi friends,
On Debian Jessie,
I've configured ProFtpd to connect by tls (SSLv3 TLSv1 -> Letsencypt
certificate) on port but with Shorewall up, it DROP the connection:
Aug 8 18:50:10 server kernel: [16438563.572121]
Shorewall:net-fw:DROP:IN=eth0 OUT=
I can see the light at the end of the tunnel, but I'm not quite there yet.
A reminder of my current network:
Internet providers --- gw1 --- fw2 --- lan, dmz, caib, ibs
I replaced the old fw1 with the new fw2 this morning, and everything seemed to
work until I found that some lan hosts could
Shorewall 5.1.6 Beta 2 is now available for testing.
Problems Corrected since Beta 1:
1) http://www.shorewall.net/shorewall_extension_scripts.htm states
that $SHAREDIR and $CONFDIR can be used in extension scripts, that
has not been true for some time. Beginning with this release, those
On 08/09/2017 12:56 AM, Vieri Di Paola via Shorewall-users wrote:
> Hi,
>
> I read the shorewall man page regarding the "reload" and "restart" commands.
> From a practical point of view and with default shorewall.conf settings in
> 5.1, if I change/add/delete entries in the "rules" file, and
On 08/09/2017 01:28 AM, Davide Marchi wrote:
> Hi friends,
>
> On Debian Jessie,
> I've configured ProFtpd to connect by tls (SSLv3 TLSv1 -> Letsencypt
> certificate) on port but with Shorewall up, it DROP the connection:
>
>
> Aug 8 18:50:10 server kernel: [16438563.572121]
>
From: Philip Le Riche
>
> I presume "Corresponding..." down to the end of the quote is an unintentional
> duplicate.
It is.
--
Check out the vibrant tech
On 08/09/2017 03:03 PM, Philip Le Riche wrote:
> Trying to set up a transparent proxy I'm slightly confused by the
> following towards the end of
> http://shorewall.net/Shorewall_Squid_Usage.html :
>
> |/etc/shorewall/mangle| (assume loc interface is eth1 and net interface
> is eth0):
>
>
Trying to set up a transparent proxy I'm slightly confused by the
following towards the end of
http://shorewall.net/Shorewall_Squid_Usage.html :
|/etc/shorewall/mangle| (assume loc interface is eth1 and net interface
is eth0):
#ACTION SOURCE DESTPROTO DPORT SPORT
On 08/08/2017 08:42 PM, Roland Schmid wrote:
> Hi Tom,
>
> Thanks for the response, sadly didn't work.
> Please find the 2 requested shorewall dumps attached
>
Docker isn't installing any meaningful rules. From the first dump:
In the filter table, both the DOCKER and DOCKER-ISOLATION chains
11 matches
Mail list logo