-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Eastep wrote:
| On Saturday 12 November 2005 04:59, Charles Steinkuehler wrote: | |> | |> | What's the "right" way to do this in shorewall? |> |> Never mind...after testing some blacklist rules (and some sleep!), I |> noticed the port specificaitons in the blacklist file are destination |> ports, so I can block the above traffic by port (and wildcard 0/0 source |> address). | | That's the way I do it. :) Thanks again for the great package! As a note for the documentation, I didn't see any mention of the port entry being for source or destination, so I assumed it was source (ie: matching the IP address) until I actually created some blacklist entries and examined the rules generated. The documentation in the file doesn't mention anything about src/dst port, nor does the online docs for the 2.0 branch: http://www.shorewall.net/2.0/blacklisting_support.htm http://www.shorewall.net/2.0/Documentation.htm#Blacklist I'm running shorewall from Debian stable (2.2.3-2), so perhaps this is fixed in a newer release (looks like this is all handled differently in 3.0 anyway). Next up...trying to get IPSec working on debian with a patched kernel and iptables. I've got everything compiled and the kernel even runs (thanks to tips at the shorewall site!), I just haven't had time to learn the new 2.6 IPSec configuration yet and test everything. If I'm lucky, I'll even be able to get it working with proxy-arp w/o having to allocate a unique public IP to each interface! - -- Charles Steinkuehler [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFDeVPlLywbqEHdNFwRApYgAJsEyHjO2IAYtUwl2RxYKSJ085kzBQCgibac +/TPWWQG87BbWNsBdBRcQnM= =o4RI -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click ------------------------------------------------------------------------ leaf-user mailing list: [email protected] https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
