Re: [Shorewall-users] Advice on shorewall-init and ipsets (fail2ban)

2019-11-01 Thread Tom Eastep
On 11/1/19 8:40 AM, Tom Eastep wrote:
>> #
>> # Shorewall -- /etc/shorewall/rules
>> #
>>
>> ?SECTION ALL
>>  DROP:info net:+BlackList  $FW
>> ?SECTION ESTABLISHED
>> ?SECTION RELATED
>> ?SECTION INVALID
>> ?SECTION UNTRACKED
>> ?SECTION NEW
>>
>> --- cut rules none of them related to ipsets.
>>

Re: [Shorewall-users] Advice on shorewall-init and ipsets (fail2ban)

2019-11-01 Thread Tom Eastep
On 10/31/19 6:42 PM, Nigel Aves wrote:
> Well, I thought I had this working, but no. So confused ( :) ) ..
>
> Start Fail2Ban and do a list of ipsets
>
> [root@apache-web-server ~]# ipset list
> Name: SW_DBL4
> Type: hash:net
> Revision: 6
> Header: family inet hashsize 1024 maxelem 65536

Re: [Shorewall-users] Advice on shorewall-init and ipsets (fail2ban)

2019-10-31 Thread Nigel Aves
Well, I thought I had this working, but no. So confused ( :) ) ..

Start Fail2Ban and do a list of ipsets

[root@apache-web-server ~]# ipset list
Name: SW_DBL4
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536 timeout 3600 counters
Size in memory: 384
References: 0

Re: [Shorewall-users] Advice on shorewall-init and ipsets (fail2ban)

2019-10-29 Thread Bill Shirley
I rarely reboot but when I do, I have Shorewall just create an empty ipset from 'init'.  These h@ckorz are going to try again and simply get banned again.  I DROP anything in the ipset at the beginning of the 'rules' file.  This keeps things from getting logged over and over. I find using an

Re: [Shorewall-users] Advice on shorewall-init and ipsets (fail2ban)

2019-10-29 Thread Tom Eastep
On 10/29/19 9:54 AM, Tom Eastep wrote:
>> Questions.
>>
>> 1/  When using shorewall-init does shorewall itself have to be running,
>> or is the compiled shorewall rules loaded directly into iptables?
> If you are relying on Shorewall-init to load the ipset during boot, then:
>
> a) shorewall-init

Re: [Shorewall-users] Advice on shorewall-init and ipsets (fail2ban)

2019-10-29 Thread Tom Eastep
On 10/27/19 2:57 PM, Nigel Aves wrote:
> As a note, I'm a photographer who likes to run their own server for web
> sites / email server, but I am no sys-admin person. I have though been
> using Shorewall for a number of years now.
>
> I've been building a new server to replace my aging server.

[Shorewall-users] Advice on shorewall-init and ipsets (fail2ban)

2019-10-27 Thread Nigel Aves
As a note, I'm a photographer who likes to run their own server for web sites / email server, but I am no sys-admin person. I have though been using Shorewall for a number of years now. I've been building a new server to replace my aging server. Centos 7 / VirtualMin install for software /