Questions tagged [shorewall]

high-level tool for configuring the Linux Netfilter packet filter

The Shoreline Firewall, more commonly known as “Shorewall”, is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and, with the help of the iptables, iptables-restore, ip and tc utilities, configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.

Official website

95 questions
0
votes
1 answer

Installing Shorewall on Debian stable

I'm going to install Shorewall on a Debian stable Linux box. The Shorewall version in the stable repositories is 4.6.4.3-2. The Shorewall website suggests to pin apt preferences and force the download of the new Shorewall version from testing…
mix
  • 83
  • 1
  • 9
0
votes
1 answer

Why is my ISP box talking to my DMZ host?

I have a setup where an internet connection is available via an ISP box, which has a DMZ feature (one of the hosts can be exposed to the Internet). The general setup is the following: Internet - PublicIP - 192.168.0.254 - 192.168.0.10 [ FAI box …
WoJ
  • 3,365
  • 8
  • 46
  • 75
0
votes
0 answers

How do I get default LXC iptable rules into Shorewall?

I'm setting up a server which will be hosting multiple LXC containers. However, starting Shorewall results in loss of network access from within the LXC containers. If I reboot the LXC host and leave Shorewall in a stopped state, LXC containers work…
sbrattla
  • 1,456
  • 3
  • 26
  • 48
0
votes
1 answer

Shorewall: Block repeatedly failing IPs on port 22

I am on Fedora 21, and port 22 is open for ssh connections. I am using key-based authentication with password and root logins disabled. My logs are flooded with messages like the ones appended at the end of the post. I am using shorewall, is there…
raratiru
  • 111
  • 5
0
votes
1 answer

DNAT in Shorewall not working for VPN

I have a firewall (10.8.0.1) connected to an internal server (10.8.0.2) via VPN. On the firewall the VPN interface is called tun0. So in my shorewall configuration I have this: $ cat interfaces #ZONE INTERFACE OPTIONS - lo …
Matthias
  • 282
  • 3
  • 16
0
votes
0 answers

Routing Traffic to Subnet through OpenVPN Client Tunnel

I have a Shorewall powered masquerading router: eth0: DHCP client, external interface (net zone) eth1: static, internal interface (loc zone) Now I want to add an OpenVPN client that creates a TUN device when the connection is up: tun1, and I want…
derabbink
  • 251
  • 4
  • 16
0
votes
2 answers

If a packet matches a shorewall policy, can I log the packets (e.g. using tcpdump)?

Let's say I have a policy file, such as fw net ACCEPT net fw DROP trusted fw ACCEPT trusted net ACCEPT untrusted fw DROP* untrusted net ACCEPT all all REJECT What I'd like to do is send all…
Tom Ritter
  • 3,147
  • 5
  • 25
  • 30
0
votes
1 answer

HAProxy fails to connect when Shorewall firewall is enabled on web servers

I have a fairly standard HAProxy / Web Cluster setup, which is running perfectly fine - as long as I don't enable the Shorewall firewall on the web cluster servers. As soon as I do, error messages appear in the HAProxy server's syslog, and the…
josa
  • 1
0
votes
2 answers

Can I use iptables, Shorewall and ipset at the same time?

I've been using iptables for years, because it is a straightforward solution without any magic. But now that I'm building a router for myself, I found there are many useful features provided by Shorewall. Is it possible to use iptables and Shorewall on the…
比尔盖子
  • 394
  • 2
  • 10
0
votes
3 answers

Shorewall blacklist not working

We are getting dictionary attacks on our SQL server, so I wanted to block some of the IPs using the Shorewall blacklist. I mentioned the IP in /etc/shorewall/blacklist as #ADDRESS/SUBNET PROTOCOL PORT Some IP …
Nithin
  • 71
  • 1
  • 1
  • 7
0
votes
1 answer

Shorewall deny all ssh access except one user

Hi all, I have an Ubuntu server with the Shorewall firewall. I want to deny all ssh access except my user: "alessandro". How can I write this rule in Shorewall? Thanks
0
votes
1 answer

Expressing iptables rule as shorewall rule

I have been working with a CentOS server for a while now. I have set 3 subnetworks in my LAN through alias networks (eth0:0, eth0:1, etc). I have a shared printer in one of those networks, and I would like all the other networks to be able to print…
0
votes
2 answers

Service redirection on same network

I have a network on which I run multiple servers each dedicated to a given service. Because most services run on distinct ports I'm currently looking for a way of unifying "all" services into a single "proxy" machine. The idea is to abstract which…
Unode
  • 483
  • 1
  • 6
  • 11
0
votes
1 answer

Sub-process /usr/bin/dpkg returned an error code (1)

Hey friends, I am getting the following error when I am trying to purge shorewall root@aptosid:/etc# apt-get purge shorewall Reading package lists... Done Building dependency tree Reading state information... Done The following packages…
rohit
  • 1
0
votes
1 answer

Track torrent traffic in shorewall

I use Shorewall to configure my firewall. Is there any way to track torrent traffic using Shorewall accounting?
ian
  • 131
  • 1
  • 1
  • 5