Questions tagged [shorewall]

high-level tool for configuring the Linux Netfilter packet filter

The Shoreline Firewall, more commonly known as “Shorewall”, is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and, with the help of the iptables, iptables-restore, ip and tc utilities, configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.

95 questions
0
votes
2 answers

Possible hack attack in Ubuntu Server?

I have an Ubuntu 10.04 Server with Shorewall 4.4.6. For some days, I have been seeing the logs shorewall.log, kernel.log and syslog growing to huge sizes, above 20G per log. It occupied all the free disk space, the server became dreadfully slow and…
Vishnu Kumar
0
votes
1 answer

I would like to redirect port 8140 on my public IP address (ip1) to port 8140 on Internet host (ip2)

edit3: I would like to get exactly what is described in http://shorewall.net/FAQ.htm#faq1g but it doesn't work for me. edit3 end; OS: Debian squeeze; shorewall: 4.4.11.6-3; 3 computers a, b & c; shorewall is on computer b. I would like to dnat port…
c33s
0
votes
1 answer

Prevent Shorewall log entries for specific IP address and/or port

I have Shorewall firewall setup on a Debian server which is working fine. I get various log entries in /var/log/messages when packets are dropped, as expected, for example: Aug 17 19:09:07 cheetah kernel: [80026654.168568]…
0
votes
2 answers

Uploads fail with shorewall enabled

I have an Ubuntu 8.04 server with shorewall 4.0.6 installed. When I try to upload files using FTP, SCP, or cURL the file upload stalls almost immediately and eventually times out. If I turn off shorewall then the uploads work fine. I don't have any…
JamesArmes
0
votes
1 answer

Shorewall Drops the IP

We are using shorewall on a Linux server in our LAN environment. The client machines use Windows XP. When I try to connect to a remote machine (the remote machine has a static IP) from my Windows XP machine, the shorewall which drops the static…
Boby
0
votes
1 answer

Shorewall drop all incoming traffic from one internet IP except for all local host except two

How can I block all incoming traffic from one internet IP for the local network, except for two hosts? DROP all inet:78.31.8.0/24 - - The previous rule blocks all the incoming traffic from internet, but, how can allow the…
Peak
0
votes
1 answer

Shorewall Bridge

How do I create a rule Shorewall for bridging port 443 from eth0 to eth1?
Paisal
0
votes
1 answer

How can I redirect HTTP(S) traffic to another gateway?

I have a network like 192.168.0.0/15 with the default gateway set to 192.168.0.1. All the workstations of the network use this gateway for all kind of accesses to the Internet. Now I am testing a new Internet connection with another provider and for…
PsyStyle
0
votes
1 answer

shorewall masquerading from tun0 to ppp0

First interface is ppp0 (pptp vpn). Second interface is tun0 (openvpn). Third interface eth0 (default gw interface). Openvpn is set to change default route on client for all packets to go through tun0 vpn, that part is working ok. I would like to make…
damir
0
votes
1 answer

Debian firewall: Shorewall - VPN2VPN policy doesn't work

I have a problem with my shorewall policy. There are 4 zones configured in shorewall but the policy vpn2vpn:accept doesn't work. I want to establish connections between PPTP clients. They are dropped when using the current policy. However if I…
Eliasdx
0
votes
2 answers

I've been asked to replace the firewall with DD-WRT. Is this feasible?

Currently we have shorewall running as our firewall, but we're switching over our network to something lighter. We were thinking of using a Linksys E2000 and installing DD-WRT. We have a cable internet connection with three assigned IPs. As part…
jeffkolez
0
votes
3 answers

Shorewall: temporarily drop incoming traffic except port 22?

When I work on configuration files, especially of the mail server, I would like to temporarily drop all the incoming traffic except the port 22. So, I don't risk to lose incoming mails if I need to move the mail server to another server, or…
Magnetic_dud
0
votes
1 answer

Shorewall: IPSet from blrules not applying

We're hoping to make use of IPSet to manage temporary IP blocking from sources (CSF+LFD, fail2ban, wherever relevant). The purpose would be that routers using Shorewall at the edges would make use of these to block traffic from malicious remotes…
Adambean
0
votes
0 answers

Debian Server crashes on Shorewall restart. OOM messages in kern.log

I have been adding rules and restarting shorewall for a couple years now on this box (3.16.0-0.bpo.4-amd64 #1 SMP Debian 3.16.39-1+deb8u1~bpo70+1). Shorewall version 4.5.5.3 iptables v1.4.14 Mem: 3.8G 2.4G 1.4G 0B …
cpiro
0
votes
1 answer

Configuring shorewall's masq file for a three-interface firewall connected to a router with a single static IP address

I am trying to follow the guide for setting up a "three-Interface Firewall" running Shorewall version 5.0.4. (https://shorewall.org/three-interface.htm). I also have a Procurve switch that ethernet. I have a single static IP from my ISP which my…
Paul Ryan