I am using shorewall version 4.2.4 (the invoca RPMs). I get this warning when starting shorewall:

    WARNING: Destination zone (loc) ignored : /usr/share/shorewall/macro.FTP (line 11)

macro.FTP looks like the "base" version that ships with shorewall:

    #ACTION    SOURCE    DEST    PROTO    DEST       SOURCE     RATE     USER/
    #                                     PORT(S)    PORT(S)    LIMIT    GROUP
    PARAM      -         -       tcp      21
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

My FTP "rules" are:

    # forward FTP traffic to the FTP server
    FTP/DNAT-    inet    loc:a.b.c.d
    # slow down Brute Force attacks. Limit the number
    # of connections per minute that can occur.
    Limit:ULOG:FTPBFA,4,120    inet    loc:a.b.c.d    tcp    21    -    $ETH2_IP

where a.b.c.d is the IP address of the FTP server behind the firewall.

I believe this probably broke when switching to Shorewall-PERL, although I am not positive. I can not remember where the FTPBFA (FTP Brute Force Attack) script lives. Tom helped me create the script originally, but I can not remember where this code lives. I "grep'd" for the string FTPBA in both the /usr/share/shorewall and /etc/shorewall directories and did not come up with anything.

I basically want to use port-knocking to limit Brute Force Attacks. I believe in the past my rule blocked users if they tried to login 4 separate times within a minute and kept the attacker locked out for 2 hours (I can not remember for sure). Basically I would like to implement a similar policy with Shorewall-PERL.

I have viewed the pages http://www.shorewall.net/FTP.html and http://www.shorewall.net/PortKnocking.html, but I am not able to deduce what I need to do in order to get this rule working again.

Thank you for your help.

--
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
