On Monday 14 November 2005 19:20, Charles Steinkuehler wrote:
> Tom Eastep wrote:
> | On Saturday 12 November 2005 04:59, Charles Steinkuehler wrote:
> |> | What's the "right" way to do this in shorewall?
> |>
> |> Never mind...after testing some blacklist rules (and some sleep!), I
> |> noticed the port specifications in the blacklist file are destination
> |> ports, so I can block the above traffic by port (and wildcard 0/0 source
> |> address).
> |
> | That's the way I do it.
>
> :) Thanks again for the great package!
>
> As a note for the documentation, I didn't see any mention of the port entry
> being for source or destination, so I assumed it was source (ie: matching
> the IP address) until I actually created some blacklist entries and
> examined the rules generated. The documentation in the file doesn't
> mention anything about src/dst port, nor do the online docs for the 2.0
> branch:

------------------------------------------------------------------------------
http://www1.shorewall.net/Documentation.htm#Blacklist
http://www1.shorewall.net/2.0/Documentation.htm#Blacklist
PORTS
Optional; may only be given if PROTOCOL is tcp, udp or icmp. Expressed as
a comma-separated list of port numbers or service names (from /etc/services).
If present, only packets destined for the specified protocol and one of the
listed ports are blocked. When the PROTOCOL is icmp, the PORTS column
contains a comma-separated list of ICMP type numbers or names (see “iptables
-h icmp”).
-------------------------------------------------------------------------------
Is "only packets destined for the specified protocol and one of the listed
ports are blocked." not clear?
I agree that the documentation in the /etc/shorewall/blacklist file isn't as
clear and I will fix it when I get the chance.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
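The destination-port semantics discussed above (ADDRESS/SUBNET matched against the packet's source, PORTS matched against the destination port, 0/0 as the source wildcard), as an added Python model that is not Shorewall's own code: it parses a constructed blacklist fragment and reports which packets it would drop. It assumes the three columns ADDRESS/SUBNET, PROTOCOL and PORTS, with numeric ports only (service names from /etc/services are not resolved).

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Constructed sample blacklist fragment (not from the thread). Columns are
# assumed to be ADDRESS/SUBNET, PROTOCOL, PORTS; "-" leaves a column unset.
SAMPLE_BLACKLIST = """
# ADDRESS/SUBNET  PROTOCOL  PORTS
0.0.0.0/0         tcp       135,139,445   # any source, destination ports only
192.0.2.0/24      -         -             # everything from this network
"""

PORT_PROTOCOLS = ("tcp", "udp", "icmp")  # PORTS may only be given with these


@dataclass(frozen=True)
class BlacklistEntry:
    source: ipaddress.IPv4Network  # matched against the packet's source address
    protocol: str | None           # None when the PROTOCOL column is "-"
    ports: frozenset[int]          # destination ports (ICMP types for icmp); empty = any


def parse_blacklist(text: str) -> list[BlacklistEntry]:
    """Parse blacklist lines; reject PORTS given for a protocol that has none."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        cols = line.split() + ["-", "-"]  # pad missing optional columns
        addr, proto, ports_col = cols[0], cols[1], cols[2]
        proto = None if proto == "-" else proto.lower()
        ports_col = "" if ports_col == "-" else ports_col
        if ports_col and proto not in PORT_PROTOCOLS:
            raise ValueError(f"PORTS requires tcp, udp or icmp: {raw.strip()}")
        ports = frozenset(int(p) for p in ports_col.split(",") if p)
        entries.append(BlacklistEntry(ipaddress.ip_network(addr, strict=False), proto, ports))
    return entries


def is_blocked(entries: list[BlacklistEntry], src: str, proto: str, dport: int) -> bool:
    """True if a packet from src with this protocol and *destination* port is dropped.
    The source port is deliberately not a parameter: the blacklist never consults it."""
    ip = ipaddress.ip_address(src)
    for e in entries:
        proto_ok = e.protocol is None or e.protocol == proto
        port_ok = not e.ports or dport in e.ports
        if ip in e.source and proto_ok and port_ok:
            return True
    return False
```

With the sample above, a TCP packet from any address to destination port 445 is dropped, the same source talking to port 80 is not, and anything from 192.0.2.0/24 is dropped regardless of protocol or port.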
