Hi Tom, As I deployed 'blacklist' I missed a step shown in http://www.shorewall.net/blacklisting_support.htm
"You specify the interfaces whose incoming packets you want checked against the blacklist using the "blacklist" option in /etc/shorewall/interfaces." But this made no difference, proving to me that only and entry in /etc/shorewall/hosts as shown below, is required with Shorewall version 4.4.10~Beta4-1 on Ubuntu Kind regards, Trent -----Original Message----- From: Tom Eastep [mailto:[email protected]] Sent: Monday, 5 July 2010 8:54 AM To: [email protected] Subject: Re: [Shorewall-users] http://www.shorewall.net/FAQ.htm#faq84 On 7/4/10 5:49 PM, Trent O'Callaghan wrote: > Hi Tom, > > I have tried Host file with: > inet bond0:0.0.0.0/0!xxx.xxx.128.0/23,xxx.xxx.131.0/24 blacklist > > This works and achieves the same result as breaking the 0.0.0.0/0 net > into two /1's > > So I will stick with this method unless you come up with an update to > Shorewall so that 'blacklist' is not required in hosts. Thanks, Trent. 4.4.11 will include a fix that will allow you to remove that workaround. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
