Good Morning,
I have the latest version of Bering UlibC with shorewall 1.4.5. I also
run a DMZ with an ftp server. The DNAT rule logs at the info level so I
can see who is accessing the server. I have blacklisted China and Korea
according to http://www.okean.com/asianspamblocks.html
Now, last
Tony wrote:
Good Morning,
I have the latest version of Bering UlibC with shorewall 1.4.5. I also
run a DMZ with an ftp server. The DNAT rule logs at the info level so I
can see who is accessing the server. I have blacklisted China and Korea
according to
Yup, did all that.
The actual file reads:
net eth0 detect dhcp,routefilter,norfc1918,blacklist
loc eth1 detect
dmz eth2 detect
And the IPs are showing up in the shorewall status under the blacklist
column.
Thanks
Tony
Victor McAllister wrote:
Tony wrote:
Good Morning,
On Sunday 21 December 2003 06:00 am, Tony wrote:
But, my blacklist includes 210.82.0.0/15
Also, my shorewall log shows no hit which I didn't expect to, and the
counter in shorewall status shows one hit for that range.
My question is, did he get blocked or allowed access?
It looks as
OK, so what you're saying is the packet was logged up in the pre-routing
NAT section before it got dropped by the blacklisting filter at the
Forward section?
Thanks,
Tony
Tom Eastep wrote:
snip
No. Blacklist rules are enforced in the 'filter' table whereas DNAT is logged
out of the 'nat'
On Sunday 21 December 2003 08:36 am, Tony wrote:
OK, so what you're saying is the packet was logged up in the pre-routing
NAT section before it got dropped by the blacklisting filter at the
Forward section?
Yes.
If you want to log these connections out of the FORWARD chain, replace your