On an existing Linux server, I use Firewalld
For a stand-alone firewall I use pfSense
I still feel shorewall is fantastic!! Loved it all the years and still do.
On 2025/02/03 17:21, cov...@ccs.covici.com wrote:
If shorewall is no longer maintained, what do people recommend instead
-- it seems to be working, although I cannot integrate it with
tailscale, which would be nice.
On Mon, 03 Feb 2025 00:20:06 -0500,
Tom Eastep wrote:
You are correct - it is the hyphen. In these contexts, Shorewall
accepts an IP address range (<addr1>-<addr2>). A hyphen in a DNS name
is therefore being processed accordingly.
As Shorewall is no longer maintained, that is not going to change (and
I'm not sure I would have changed it if I were still supporting the
code). The best workaround is to resolve these DNS names in the params
file and assign the result to a shell variable; then expand the shell
variable where you need to use the address(es).
-Tom
On 2/2/25 2:50 PM, Philip Pemberton via Shorewall-users wrote:
On 02/02/2025 21:19, Tuomo Soini via Shorewall-users wrote:
Hyphen is not the issue. Issue is non-fqdn hostname, I'd guess.
Documentation is very clear, it advises against dns names.
Please read this part of documentation carefully and please, don't use
dns name in config.
https://shorewall.org/manpages/shorewall-names.html#idm30
Nope, it's definitely the hyphen. I changed one of the "rules" lines to:
SMTP/DNAT net loc:int-mailserver.locnet.philpem.me.uk
And got a very similar error:
shorewall[2924742]: ERROR: Invalid IP Address (int) /usr/share/shorewall/macro.SMTP (line 12)
shorewall[2924742]: from /etc/shorewall/rules (line 84)
Note that in the error, only the part of the FQDN before the hyphen
is shown: Shorewall is trying to resolve "int", which doesn't exist.
I've read the documentation and am aware of its limitations.
I only use this feature for hostnames on my own local LAN, defined
in the router's /etc/hosts (they're served with dnsmasq). Life is
just easier when everything is in one place.
Thanks.
--
Tom Eastep \ Q: What do you get when you cross a mobster
Shoreline, \ with an international standard?
Washington, USA \ A: Someone who makes you an offer you
http://shorewall.org \ can't understand
\________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
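The params-file workaround described in the thread, as an added example (not code from the thread or from Shorewall): a POSIX shell helper that looks a hyphenated name up in a hosts-format file and stops if it is missing, so the variable never expands to an empty string. The names `hosts_lookup`, `MAILSERVER` and `SAMPLE_HOSTS` and the address 192.0.2.25 are assumptions made for the illustration.

```shell
# Helper intended for /etc/shorewall/params (added example, hypothetical names).

# Print the first IPv4 address listed for host $1 in hosts-format file $2
# (default /etc/hosts). The name must match a whole field, so "int" does not
# match "int-mailserver". Returns non-zero when the name is absent.
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                          # drop comments
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {   # IPv4 entries only
            for (i = 2; i <= NF; i++)
                if ($i == name) { print $1; found = 1; exit }
        }
        END { exit !found }
    ' "${2:-/etc/hosts}"
}

# Constructed sample data standing in for the router's /etc/hosts
# (192.0.2.0/24 is a documentation range).
SAMPLE_HOSTS=$(mktemp)
trap 'rm -f "$SAMPLE_HOSTS"' EXIT
printf '%s\n' \
    '127.0.0.1   localhost' \
    '# 192.0.2.99 old-mailserver.locnet.philpem.me.uk' \
    '192.0.2.25  int-mailserver.locnet.philpem.me.uk int-mailserver  # mail' \
    > "$SAMPLE_HOSTS"

# In a real params file the second argument is omitted so /etc/hosts is read.
# A failed lookup aborts here instead of leaving MAILSERVER empty.
MAILSERVER=$(hosts_lookup int-mailserver.locnet.philpem.me.uk "$SAMPLE_HOSTS") || {
    echo "params: cannot resolve int-mailserver.locnet.philpem.me.uk" >&2
    exit 1
}
echo "MAILSERVER=$MAILSERVER"

# /etc/shorewall/rules then refers to the variable, not the hyphenated name:
#   SMTP/DNAT   net   loc:$MAILSERVER
```

The address is fixed when the ruleset is compiled, so a change to the hosts entry takes effect only after Shorewall is reloaded.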