Re: [Shorewall-users] Restricting intra-LAN traffic

2018-02-23 Thread Spyros Stathopoulos
On 23-Feb-18 02:17, Tom Eastep wrote: > On 02/22/2018 06:08 PM, James Andrewartha wrote: >> On 23/02/18 10:01, Tom Eastep wrote: >>> On 02/22/2018 05:39 PM, Spyros Stathopoulos wrote: As there is no access control from the device itself I can only limit the connection from shorewall. >>>

Re: [Shorewall-users] Shorewall 5.2.0 Beta 1

2018-02-23 Thread Alexander Stoll
On 21.02.2018 at 01:38, Tom Eastep wrote: 3) With the wide availability of ipset-based blacklisting, the need for the 'refresh' command has been largely eliminated. As a result, that command has been removed. Dear Tom, I use traffic shaping on multiple hosts, all connected via DSL

[Shorewall-users] ARP

2018-02-23 Thread Vieri Di Paola via Shorewall-users
Hi, In my LAN I have two networks on the same physical infrastructure (no VLAN): 10.215.0.0/16 and 192.168.200.0/24 The LAN interface on Shorewall firewall/gateway has proxy_arp enabled for some cases, but it seems to be interfering with ARP requests. This is what I see on the Shorewall box w

Re: [Shorewall-users] Restricting intra-LAN traffic

2018-02-23 Thread Bill Shirley
On 2/23/2018 5:44 AM, Spyros Stathopoulos wrote: So would it make sense to put the device in a different subnetwork (say 10.0.7.1/24), create a VLAN (eg. eth1:0) and a new zone out of eth1:0 and do SNAT into the new subnetwork? I have done that to access my PPP modem on the WAN interface and it

Re: [Shorewall-users] Restricting intra-LAN traffic

2018-02-23 Thread Tom Eastep
On 02/23/2018 02:44 AM, Spyros Stathopoulos wrote: > On 23-Feb-18 02:17, Tom Eastep wrote: >> On 02/22/2018 06:08 PM, James Andrewartha wrote: >>> On 23/02/18 10:01, Tom Eastep wrote: On 02/22/2018 05:39 PM, Spyros Stathopoulos wrote: > As there is no access control > from the device i

Re: [Shorewall-users] Shorewall 5.2.0 Beta 1

2018-02-23 Thread Tom Eastep
On 02/23/2018 05:01 AM, Alexander Stoll wrote: > On 21.02.2018 at 01:38, Tom Eastep wrote: > >> 3)  With the wide availability of ipset-based blacklisting, the need >> for the 'refresh' command has been largely eliminated. As a result, >> that command has been removed. > > Dear Tom, >

Re: [Shorewall-users] ARP

2018-02-23 Thread Tom Eastep
On 02/23/2018 06:42 AM, Vieri Di Paola via Shorewall-users wrote: > Hi, > > > In my LAN I have two networks on the same physical infrastructure (no VLAN): > 10.215.0.0/16 and 192.168.200.0/24 > > The LAN interface on Shorewall firewall/gateway has proxy_arp enabled for > some cases, but it seem

Re: [Shorewall-users] Restricting intra-LAN traffic

2018-02-23 Thread Tim S
I have a hyper-paranoid least-privilege security design on my network. I use a layer-3 switch with each port as its own VLAN, and the 10GBe uplinks as VLAN trunks. Since the individual devices do not "see" the VLAN assignment (since it's done at the switch and above), all traffic runs through the

Re: [Shorewall-users] ARP

2018-02-23 Thread Vieri Di Paola via Shorewall-users
From: Tom Eastep >> >> Can I avoid replying ARP requests for 192.168.200.0/24 only? >> > Yes -- add a DROP entry in /etc/shorewall/arprules. Thanks. However, I don't understand why the ARP replies were generated even if I set "arp_filter=1" for that interface

Re: [Shorewall-users] ARP

2018-02-23 Thread Tom Eastep
On 02/23/2018 02:18 PM, Vieri Di Paola via Shorewall-users wrote: > > > From: Tom Eastep >>> >>> Can I avoid replying ARP requests for 192.168.200.0/24 only? >>> >> Yes -- add a DROP entry in /etc/shorewall/arprules. > > > Thanks. However, I don't understand why