JM wrote:
> Hello there,
>
> I'd like to understand something.
> Today I tried to blacklist one single IP via the
> /etc/shorewall/blacklist file (+ blacklist option activated on my "net"
> interfaces + shorewall restarted).
> I couldn't block the traffic through my gateway (= my shorewall).
>
> I saw with iptables a new chain "blacklst", containing one DROP rule
> with the IP I tried to block.
> The byte counter didn't increase, but the byte counter for the blacklst
> chain did.
> The traffic (from net -> dmz) was still going on.
>
> So I decided to insert (not append) a DROP rule directly with iptables
> (in INPUT chain), still not working.
> Then I decided to insert the same in the FORWARD chain, the traffic
> stopped, which I can understand because it was some traffic "through" the FW.
>
> ==> Question: what does the blacklist option do / not do? Not adding in
> FORWARD? Not adding everywhere, let's say?
> Have I done something wrong?
Blacklisting is applied to both INPUT and FORWARD. Your confusion probably stems from having BLACKLISTNEWONLY=Yes in shorewall.conf. With that setting, only NEW connections are blocked -- existing connections continue to work. If you want to be able to use blacklisting to break existing connections then you must set BLACKLISTNEWONLY=No.
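As an added illustration of the distinction drawn in the reply (this is not Shorewall's or the list's code), the following toy model replays the poster's sequence: a connection from the net is tracked first, the source is blacklisted afterwards, and then packets on the old flow and on a fresh flow are evaluated under BLACKLISTNEWONLY=Yes and =No. Addresses, ports and the simplified conntrack logic are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

@dataclass
class Firewall:
    blacklist: set
    new_only: bool                 # models BLACKLISTNEWONLY=Yes (True) / No (False)
    flows: set = field(default_factory=set)   # simplified conntrack table
    dropped: int = 0

    def _state(self, p):
        # A packet matching a tracked 4-tuple (either direction) is ESTABLISHED.
        fwd = (p.src, p.dst, p.sport, p.dport)
        rev = (p.dst, p.src, p.dport, p.sport)
        return "ESTABLISHED" if fwd in self.flows or rev in self.flows else "NEW"

    def handle(self, p):
        state = self._state(p)
        # Shorewall checks the blacklist in both INPUT and FORWARD, but with
        # BLACKLISTNEWONLY=Yes the check is reached only for NEW packets.
        checked = (not self.new_only) or state == "NEW"
        if checked and p.src in self.blacklist:
            self.dropped += 1
            return "DROP"
        self.flows.add((p.src, p.dst, p.sport, p.dport))
        return "ACCEPT"

def simulate(new_only: bool):
    """Return the verdicts for (packet on pre-existing flow, packet on new flow)."""
    fw = Firewall(blacklist=set(), new_only=new_only)
    bad, dmz = "203.0.113.7", "192.0.2.10"       # constructed sample addresses
    fw.handle(Packet(bad, dmz, 40000, 80))       # net -> dmz flow exists first
    fw.blacklist.add(bad)                        # operator blacklists the IP
    existing = fw.handle(Packet(bad, dmz, 40000, 80))   # same flow continues
    fresh = fw.handle(Packet(bad, dmz, 40001, 80))      # brand-new connection
    return existing, fresh

if __name__ == "__main__":
    print("BLACKLISTNEWONLY=Yes:", simulate(True))    # ('ACCEPT', 'DROP')
    print("BLACKLISTNEWONLY=No: ", simulate(False))   # ('DROP', 'DROP')
```

The `ACCEPT` on the existing flow under the first setting is exactly the "traffic still going on" the poster observed; inserting a plain DROP into FORWARD worked because that rule carried no state match.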
