-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/18/2017 10:17 AM, Nigel Aves wrote:
>
> Just tested your fix. Everything seems to be working perfectly from
> the outside and the inside.
>
Glad to hear that it is working, Nigel. Beginning with Shorewall
5.1.1, you will be able to specify
Tom,
Just tested your fix. Everything seems to be working perfectly from the
outside and the inside.
Many Thanks,
Nigel.
On 1/18/2017 10:12 AM, Tom Eastep wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/18/2017 07:01 AM, Nigel Aves wrote:
I've become a little stuck on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/18/2017 07:01 AM, Nigel Aves wrote:
> I've become a little stuck on setting up ipset correctly. I
> followed the instructions from an email as follows:
>
>
> DYNAMIC_BLACKLIST=ipset-only,timeout=3600::info
>
> and in Rules at end
>
>
I've become a little stuck on setting up ipset correctly. I followed
the instructions from an email as follows:
DYNAMIC_BLACKLIST=ipset-only,timeout=3600::info
and in Rules at end
ADD(SW_DBL4:src) net $FW
and after some testing everything seemed to be working all OK. Using
Vieri,
Thank you for your help. I'm running Shorewall 5.0.8.2-1.el7, so that
explains it.
Typically I prefer to use the updates as they become "official" in the
repositories. (I'm no Linux expert :) and I use Webmin / Virtualmin to
help me keep the system running ). I'll hold off for the
- Original Message -
From: Nigel Aves
> But following this post, when I try and change "DYNAMIC_BLACKLIST" it always
> errors out. (Tried both
> solutions in email)
>
> ERROR: Invalid value (ipset-only,timeout=3600::info) for DYNAMIC_BLACKLIST
>
> or
>
>
I was trying to implement this "ipset" solution and I keep hitting a brick
wall. I'm no expert on this, so I was hoping for some guidance.
I have searched and searched trying to find the solution but to no avail.
In the Shorewall dump I have the following (which from some documentation seems
- Original Message -
From: Tom Eastep
> First, remove the ADD rules from /etc/shorewall/rules.
>
> You can then copy action.Drop to /etc/shorewall/ and then add this to
> the copy as the last line:
>
> ADD(SW_DBL4:src)
Unfortunately, private IP addresses from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/30/2016 03:41 AM, Vieri Di Paola wrote:
>
>
> - Original Message - From: Tom Eastep
>
>> Configure ipset-based dynamic blacklisting:
>> DYNAMIC_BLACKLIST=ipset-only,timeout=3600::info then put this at
>> the
- Original Message -
From: Tom Eastep
> Configure ipset-based dynamic blacklisting:
> DYNAMIC_BLACKLIST=ipset-only,timeout=3600::info
> then put this at the bottom of your rules:
> ADD(SW_DBL4,src) net $FW
I seem to have a few issues with the ipset-based
From: Tom Eastep
> Configure ipset-based dynamic blacklisting:
>
> DYNAMIC_BLACKLIST=ipset-only,timeout=3600::info
>
> then put this at the bottom of your rules:
>
> ADD(SW_DBL4,src) net $FW
I believe the separator is : instead
Quoting Vieri Di Paola :
Hi,
Suppose I have rules such as:
ACCEPT net $FW tcp 80,443
DNAT net loc:IP tcp 3389
[...etc...]
I'd like to automatically/dynamically blacklist all IP addresses of
hosts that try to connect to any other unlisted port (eg. port tcp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/25/2016 07:12 AM, Vieri Di Paola wrote:
> Hi,
>
> Suppose I have rules such as:
>
> ACCEPT net $FW tcp 80,443
> DNAT net loc:IP tcp 3389
> [...etc...]
>
> I'd like to automatically/dynamically blacklist all IP addresses of
> hosts that try to
13 matches