Somewhat related, I'd like to see a much more lightweight combination of blacklisting and the "drop" feature. Here's why...
As the day(s) go(es) on I will see activity in my logs which I just don't like, and I will typically just log onto the shorewall-lite machine and do a "shorewall drop ..." on the host. The problem is of course that that's only temporary -- until the next rule load/reload/restore, etc.

The other option is to add to the blacklist and then "shorewall reload gateway". That's permanent, but a "heavy" operation (compared to just shorewall-lite drop ...), but also, it's only valid until the gateway does a reload/restore, etc., unless I also issue a shorewall-lite save on the gateway. So either way I have to log into the gateway, which I'd like to avoid, and I'd also like to avoid the heavy operation of editing a file and a full reload just to blacklist.

What I think would be nice is a "shorewall blacklist <ip>" command that simply populates a table on a running shorewall[-lite] system (like drop does currently) but also stores that IP (on the shorewall-lite system if that's the case) where a restore/restart reads the list and applies them to the blacklist. This way I get permanence, light-weight additions and additions that can be done without visiting the shorewall-lite machine.

Thoughts?

b.
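The workflow asked for above (a lightweight, persistent "drop" that a restore/restart re-applies) can be approximated today with a small wrapper around the existing "shorewall drop" command. This is an added example, not Shorewall's own code: it assumes the CLI is named in SHOREWALL ("shorewall" or "shorewall-lite") and that STATE_FILE is a path you choose; it validates the address before it reaches the firewall command line, and restore_drops is meant to be called from whatever hook you run after a restore.

```shell
#!/bin/sh
# Persistent wrapper around "shorewall drop" (added example, not Shorewall code).
# Each dropped host is recorded in STATE_FILE so the list can be re-applied
# after a restore/restart instead of being lost with the dynamic table.
SHOREWALL="${SHOREWALL:-shorewall}"                                 # or shorewall-lite (assumed)
STATE_FILE="${STATE_FILE:-/var/lib/shorewall/persistent-drop.list}" # assumed location

# Accept only a dotted-quad IPv4 address, optionally with a /prefix, so that
# nothing else (shell metacharacters, hostnames) is passed to the firewall CLI.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    octets=$(echo "$1" | cut -d/ -f1 | tr '.' ' ')
    for o in $octets; do
        [ "$o" -le 255 ] || return 1   # each octet must fit in a byte
    done
    return 0
}

# Validate, record the host once, then drop it on the running firewall.
persistent_drop() {
    valid_ipv4 "$1" || { echo "rejected: $1" >&2; return 1; }
    mkdir -p "$(dirname "$STATE_FILE")"
    touch "$STATE_FILE"
    grep -Fqx "$1" "$STATE_FILE" || echo "$1" >> "$STATE_FILE"
    "$SHOREWALL" drop "$1"
}

# Re-apply every recorded host, e.g. from a post-restore/restart hook.
restore_drops() {
    [ -f "$STATE_FILE" ] || return 0
    while IFS= read -r host; do
        valid_ipv4 "$host" && "$SHOREWALL" drop "$host"
    done < "$STATE_FILE"
}

case "${1:-}" in
    add)     persistent_drop "$2" ;;
    restore) restore_drops ;;
esac
```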
Shorewall-users mailing list: https://lists.sourceforge.net/lists/listinfo/shorewall-users
