[Shorewall-users] Strange error with Centos 7

2018-11-13 Thread Paolo Prandini
I installed the minimal version of CentOS 7, ran a yum upgrade and then yum install shorewall. When I test my configuration with shorewall check (I only set zones, interfaces, policy), I always get: nf_log: can't load ipt_ULOG, conflicting nfnetlink_log already loaded. What can I do to avoid this

[Shorewall-users] problem with blrules

2017-08-05 Thread Paolo Prandini
I want to let DNS queries and responses pass through blrules restrictions, so I wrote in blrules: ACCEPT net $FW udp 53 ACCEPT net $FW tcp 53 ACCEPT $FW net udp 53 ACCEPT $FW net tcp 53 DROP net:+Blacklist

Re: [Shorewall-users] Problem with clampmss

2016-03-29 Thread Paolo Prandini
Wow putting mss=1358 directly in the options column did the trick! Thanks a lot Paolo On 29/03/2016 17:43, Tom Eastep wrote: > On 03/29/2016 08:38 AM, Paolo Prandini wrote: >> The zones file is: >> >> fw firewall >> net ipv4 >> loc ipv4 >> vpn0

Re: [Shorewall-users] Problem with clampmss

2016-03-29 Thread Paolo Prandini
Eastep wrote: > On 03/29/2016 08:13 AM, Tom Eastep wrote: >> On 03/28/2016 12:01 PM, Paolo Prandini wrote: >>> I am enclosing it. >>> It seems the same as the old version, but it is not working... >> >> The rules look correct, assuming that yo

Re: [Shorewall-users] Block icmp redirect

2016-03-28 Thread Paolo Prandini
It is working now. Thanks a lot! Paolo On 28/03/2016 20:27, Tom Eastep wrote: > On 03/28/2016 09:55 AM, Paolo Prandini wrote: >> Sorry, my question was not clear enough. >> I know about settings for sending and accepting redirects. >> Currently I am not either acce

Re: [Shorewall-users] Problem with clampmss

2016-03-28 Thread Paolo Prandini
I am enclosing it. It seems the same as the old version, but it is not working... Thanks On 28/03/2016 20:24, Tom Eastep wrote: On 03/28/2016 10:25 AM, Paolo Prandini wrote: Sorry everybody, I ask for your precious advice again. I am switching from shorewall 4.5.6 and kernel 2.6.18

[Shorewall-users] Problem with clampmss

2016-03-28 Thread Paolo Prandini
Sorry everybody, I ask for your precious advice again. I am switching from shorewall 4.5.6 and kernel 2.6.18 to shorewall 5.0.6 and kernel 2.6.32-573. I used mss=1538 in the in options in zones file and CLAMPMSS=yes to handle an IPSEC connection. But with the new setup the same settings don't do

Re: [Shorewall-users] Block icmp redirect

2016-03-28 Thread Paolo Prandini
would like to filter the source address of IP redirects and have the kernel accept only those coming from the routers I want. Thanks Paolo On 28/03/2016 17:26, Tom Eastep wrote: > On 03/28/2016 02:19 AM, Paolo Prandini wrote: >> Hi, I allowed on my interface only: >> >> Pin

[Shorewall-users] Block icmp redirect

2016-03-28 Thread Paolo Prandini
Hi, I allowed on my interface only: Ping(ACCEPT) net all but I get ICMP redirects anyway. How can I block ICMP redirects? Or maybe there is a shorewall.conf option? Thanks a lot Paolo

Re: [Shorewall-users] How to limit bandwidth hog

2014-09-14 Thread Paolo Prandini
I am of course interested in controlling both, I know inbound traffic can be a problem, but I remember there is a driver that can make inbound traffic become outbound, let's say so... Thanks again Paolo On 13/09/2014 20.46, Tom Eastep wrote: On 9/13/2014 10:57 AM, Paolo Prandini wrote: I have

[Shorewall-users] How to limit bandwidth hog

2014-09-13 Thread Paolo Prandini
I have a question that maybe has a general interest. Sometimes it happens that a customer has a really fast connection and can saturate the bandwidth to our email server, maybe just 5 seconds, but effectively every bit is allocated to this connection, and it is quite annoying for the other users.

[Shorewall-users] tee feature

2013-06-30 Thread Paolo Prandini
I would like to use iptables --tee feature to mirror traffic to an IDS. Is there an option or a clean way to do it with shorewall? Thanks Paolo