Re: [leaf-user] Question on Shorewall/blacklist/DNAT

Sun, 21 Dec 2003 08:30:27 -0800

Yup, did all that.

The actual file reads:

net     eth0    detect  dhcp,routefilter,norfc1918,blacklist
loc     eth1    detect
dmz     eth2    detect


And the ip's are showing up in the shorewall status under the blacklist column.

Thanks

Tony


Victor McAllister wrote:
Tony wrote:

Good Morning,

I have the latest version of Bering UlibC with shorewall 1.4.5.  I also
run a DMZ with an ftp server.  The DNAT rule logs at the info level so I
can see who is accessing the server.  I have blacklisted China and Korea
according to http://www.okean.com/asianspamblocks.html

Now, last night, I get a hit from:

Dec 21 01:09:40 firewall kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT=
MAC=00:20:af:9f:15:ff:00:09:12:85:08:70:08:00 SRC=210.82.163.1
DST=66.67.173.226 LEN=60 TOS=0x10 PREC=0x00 TTL=38 ID=24530 DF PROTO=TCP
SPT=3457 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0

But, my blacklist includes 210.82.0.0/15

Also, my shorewall log shows no hit which I didn't expect to, and the
counter in "shorewall status" shows one hit for that range.

My question is, did he get blocked or allowed access?
It looks as thought he got access.

Thanks,

Tony


Did you actually put the word blacklist in the interfaces file /etc/shorewall/interfaces

net ppp0 norfc1918,blacklist

as welll as fil out the list of IPs to blacklist

then do a backup and a shorewall restart




-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to