Shorewal or Shoreline Firewall is is high-level tool for configuring Netfilter.

Even RPM packages are available from long time on most YUM repositories only older versions could be found.
That is the reason I’ve decided to create this repository.

What you will find:
– Shorewall RPMs (starting from version 4.5.21) – If there is public interest I can pull older ones.

How to setup?
Create new repo file in /etc/yum.repos.d

Copy and paste the code
cat shorewall.repo
### Name: Shorewall RPM Repository
### URL:
name = RHEL $releasever - Shorewall -
baseurl =
enabled = 1
protect = 0
gpgcheck = 0

Alternatively to directly download the file you can execute:
cd /etc/yum.repos.d/;wget

What distributions can use it?
I did test with CentOS 5 and 6

How to use it?
If you already have installed shorewall RPM
yum update will pick it.

For initial installation you need to put all modules you need.
For example
yum install shorewall shorewall-core

How Often it updates?
Daily (Version does not change so often)

Where I can find more information about Shorewall?
On the official Shorewall site you can find a ton of information.

Tagged with: , , ,

If you want to see what packages are installed in Debian or Ubuntu system use following commands:

To list all the package installed:

dpkg-query -l

This will return something similar to this:

dpkg-query -l
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name        Version    Architecture      Description
ii  adduser    3.113+nmu3  all   add and remove users and groups
ii  alsa-base  1.0.25+3    all   ALSA driver configuration files
ii  alsa-utils  i386  Utilities for configuring and using ALSA

To show status of all packages in the system

dpkg -l

This will return a long list so it will be good idea to pipe it to less or more:

dpkg -l

| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name        Version    Architecture      Description
ii  adduser    3.113+nmu3  all   add and remove users and groups
ii  alsa-base  1.0.25+3    all   ALSA driver configuration files
ii  alsa-utils  i386  Utilities for configuring and using ALSA

To list installed packages you can also use

dpkg --get-selections

It returns

dpkg --get-selections
adduser install
alsa-base install
alsa-utils install

In addition this allows you to save the software installed by using

dpkg --get-selections > /mybackup/installed-packages.log

and restore on on different machine by issuing

dpkg --set-selections < /mybackup/installed-packages.log
apt-get dselect-upgrade

If you want to see locations where package files reside use

 dpkg -L

This returns:

 dpkg -L alsa-base
Tagged with: , , ,

(Translated from CentALT web site Site offline)


Quite a few system administrators use RHEL 5 or one of multiple clones CentOS or Scientific Linux.

With this repository you will be able fairly easy to install on RHEL/CentOS 5 latest versions of: nginx, php-fpm, unbound, clamav, postfix, dovecot etc. without compiling from source code e.g. famous configure, make, make install.

Packages included in the repository

Clamav — in EPEL repository clamav is with limited functionality – fixed here;

Clamsmtpd — small and fast milter, allowing you to add antivirus detection with ClamAV to MTA Postfix;

Conntrack-tools — tools to manage conntrack from userspace;

Dnstop — application to analyze  DNS queries;

Dovecot — fresh versions of POP3/IMAP server  (note that after installation you might need to fix config files;

Postfix — popular MTA, compiled with support for MySQL, PostgreSQL; VDA patch is included;

Httpd — latest apache version;

Mc — Midnight Commander (version 4.7.0). ;

Memcached — system for object caching in system memory – latest version ;

Mod_rpaf — apache module  substituting REMOTE_ADDR  on backend server with the one from frontend using X-Forwarded-For. It allows to hide frontend/backend infrastructure from the scripts. Allows script to see real user IPs instead frontend one.

Mod_realip2 — similar to  mod_rpaf apache module substituting  REMOTE_ADDR on backend server with value received from frontend, using  X-Forwarded-For.It allows to hide frontend/backend infrastructure from the scripts. Allows script to see real user IPs instead frontend one

Mysql — MySQL with 20 patches from percona project;

Nagios — latest version of monitoring system Nagios;

Nagios-plugins — latest version of plugins for monitoring system Nagios;

Nginx — in repository there are 2 version of this web server:

Package nginx — latest development version of nginx. Following modules are included:

H264 Streaming Module

Package nginx-stable — latest stable version of nginx. Following modules are included:

Php — latest php version including php-fpm patch. Configuration file and init script for php-fpm are in  php-fpm package;

Spawn-fcgi — for those who want to execute PHP scripts via FastCGI, but do not want to upgrade original PHP version;

Unbound — Safe and fast caching DNS server;

Vsftpd — ftp server including patch allowing to configure server and client encoding;

flow-tools — tools to work with Netflow format;

fprobe, ipt_netflow, softflowd, ipcad — to collect Netflow data;

quagga — ospfd, bgpd etc.

Kernel modules – connlimit, ipmark, ipset, ipp2p.

Repository installation

CentALT requires EPEL repository.

Installation procedure:

for i386 architecture:

1. Install epel repository.

rpm -ihv

2. Install CentALT repository.

rpm -ihv

For x86_64 architecture:

1. Install epel repository.

rpm -ihv

2. Install CentALT repository.

rpm -ihv

How to setup mirrors

After CentALT RPM install by default all packages are downloaded from main repository.

To set it up for mirrors you have to change one file and add another.

1. Open with your favorite text editor /etc/yum.repos.d/centalt.repo and change it to look like this:

name=CentALT Packages for Enterprise Linux 5 - $basearch
mirrorlist = file:///etc/yum.repos.d/mirrors-centalt

2. Create new file /etc/yum.repos.d/mirrors-centalt and put following info inside$basearch/$basearch/

3. Clean YUM cache
yum clean all

4. And this is it you can benefit fro CentALT mirrors

Tagged with: , , ,

When you have multiple CIDR subnets in your network subnet mask is often different.

To be certain about correct netmask I’m using CIDR cheat sheet.

You can find it at IPv4 CIDR page.

Note: CIDR is classless inter domain routing.

Tagged with: , ,

Welcome to Sysadmin Guide. This is the first post here.

On this site you will find tutorials related to sysadmin work, but also informational technology (IT) in general.

Stay tuned.

Tagged with: