I installed the minimal version of CentOS 7, ran a yum upgrade
and then yum install shorewall.
When I test my configuration with shorewall check (I only set zones, interfaces,
policy), I always get
nf_log: can't load ipt_ULOG, conflicting nfnetlink_log already loaded
What can I do to avoid this?
I want to let DNS queries and responses pass through
blrules restrictions, so I wrote in blrules:
ACCEPT net $FW udp 53
ACCEPT net $FW tcp 53
ACCEPT $FW net udp 53
ACCEPT $FW net tcp 53
DROP net:+Blacklist
Wow putting mss=1358 directly in the options column
did the trick!
Thanks a lot
Paolo
On 29/03/2016 17:43, Tom Eastep wrote:
> On 03/29/2016 08:38 AM, Paolo Prandini wrote:
>> The zones file is:
>>
>> fw firewall
>> net ipv4
>> loc ipv4
>> vpn0
Eastep wrote:
> On 03/29/2016 08:13 AM, Tom Eastep wrote:
>> On 03/28/2016 12:01 PM, Paolo Prandini wrote:
>>> I am enclosing it.
>>> It seems the same like the old version, but it is not working...
>>
>> The rules look correct, assuming that yo
It is working now.
Thanks a lot!
Paolo
On 28/03/2016 20:27, Tom Eastep wrote:
> On 03/28/2016 09:55 AM, Paolo Prandini wrote:
>> Sorry, my question was not clear enough.
>> I know about settings for sending and accepting redirects.
>> Currently I am not either acce
I am enclosing it.
It seems the same like the old version, but it is not working...
Thanks
On 28/03/2016 20:24, Tom Eastep wrote:
On 03/28/2016 10:25 AM, Paolo Prandini wrote:
Sorry everybody, I ask for your precious advice again.
I am switching from shorewall 4.5.6 and kernel 2.6.18
Sorry everybody, I ask for your precious advice again.
I am switching from shorewall 4.5.6 and kernel 2.6.18
to shorewall 5.0.6 and kernel 2.6.32-573
I used mss=1538 in the in options in zones file
and CLAMPMSS=yes to handle an IPSEC connection.
But with the new setup the same settings don't do
would like to filter the source address of IP redirects and have the
kernel accept only those coming from the routers I want.
Thanks
Paolo
On 28/03/2016 17:26, Tom Eastep wrote:
> On 03/28/2016 02:19 AM, Paolo Prandini wrote:
>> Hi, I allowed on my interface only:
>>
>> Pin
Hi, I allowed on my interface only:
Ping(ACCEPT) net all
but I get ICMP redirects anyway.
How can I block ICMP redirects?
Or maybe there is a shorewall.conf option?
Thanks a lot
Paolo
I am of course interested in controlling both, I know inbound
traffic can be a problem, but I remember there is a driver that
can make inbound traffic become outbound, let's say so...
Thanks again
Paolo
On 13/09/2014 20.46, Tom Eastep wrote:
On 9/13/2014 10:57 AM, Paolo Prandini wrote:
I have
I have a question that maybe has a general interest.
Sometimes it happens that a customer has really a fast connection and
can saturate the bandwidth to our email server, maybe just 5 seconds,
but effectively every bit is allocated to this connection, and it is
quite annoying for the other users.
I would like to use iptables --tee feature to mirror traffic to an IDS
Is there an option or a clean way to do it with shorewall?
Thanks
Paolo
12 matches