I installed the minimal version of Centos 7, run a yum upgrade
and then yum install shorewall
When I test my configuration with shorewall check ( I only set zones interfaces
policy) , I always get
nf_log: can't load ipt_ULOG, conflicting nfnetlink_log already loaded
What can I do to avoid this pr
I would like to use iptables --tee feature to mirror traffic to an IDS
Is there an option or a clean way to do it with shorewall?
Thanks
Paolo
--
This SF.net email is sponsored by Windows:
Build for Windows Store.
http:/
I have a question that maybe has a general interest.
Sometimes it happens that a customer has really a fast connection and
can saturate the bandwidth to our email server, maybe just 5 seconds,
but effectively every bit is allocated to this connection, and it is
quite annoying for the other users.
I
I am of course interested in controlling both, I know inbound
traffic can be a problem, but I remember there is a driver that
can make inbound traffic become outbound, let's say so...
Thanks again
Paolo
On 13/09/2014 20.46, Tom Eastep wrote:
> On 9/13/2014 10:57 AM, Paolo Prandini wro
Hi, I allowed on my interface only:
Ping(ACCEPT)net all
but I get ICMP redirects anyway.
How can I block ICMP redirects?
Or maybe there is a shorewall.conf option?
Thanks a lot
Paolo
--
Transform Data into Opport
would like to filter the source address of IP redirects and have the
kernel accept only those coming from the routers I want.
Thanks
Paolo
On 28/03/2016 17:26, Tom Eastep wrote:
> On 03/28/2016 02:19 AM, Paolo Prandini wrote:
>> Hi, I allowed on my interface only:
>>
>> Pin
Sorry everybody, I ask for your precious advice again.
I am switching from shorewall 4.5.6 and kernel 2.6.18
to shorewall 5.0.6 and kernel 2.6.32-573
I used mss=1538 in the in options in zones file
and CLAMPMSS=yes to handle an IPSEC connection.
But with the new setup the same settings don't do any
I am enclosing it.
It seems the same like the old version, but it is not working...
Thanks
On 28/03/2016 20:24, Tom Eastep wrote:
On 03/28/2016 10:25 AM, Paolo Prandini wrote:
Sorry everybody, I ask for your precious advice again.
I am switching from shorewall 4.5.6 and kernel 2.6.18
to
It is working now.
Thanks a lot!
Paolo
On 28/03/2016 20:27, Tom Eastep wrote:
> On 03/28/2016 09:55 AM, Paolo Prandini wrote:
>> Sorry, my question was not clear enough.
>> I know about settings for sending and accepting redirects.
>> Currently I am not either accepting or
Eastep wrote:
> On 03/29/2016 08:13 AM, Tom Eastep wrote:
>> On 03/28/2016 12:01 PM, Paolo Prandini wrote:
>>> I am enclosing it.
>>> It seems the same like the old version, but it is not working...
>>
>> The rules look correct, assuming that you have
Wow putting mss=1358 directly in the options column
did the trick!
Thanks a lot
Paolo
On 29/03/2016 17:43, Tom Eastep wrote:
> On 03/29/2016 08:38 AM, Paolo Prandini wrote:
>> The zones file is:
>>
>> fw firewall
>> net ipv4
>> loc ipv4
>> vpn0
I want to leave DNS queries and responses pass through
blrules restrictions so I wrote in blrules
ACCEPT net $FW udp 53
ACCEPT net $FW tcp 53
ACCEPT $FW net udp 53
ACCEPT $FW net tcp 53
DROPnet:+Blacklist
12 matches
Mail list logo