Make that src not dst.
John R. Hill
Director Of Technologies
812-314-8920 option #3

-----Original Message-----
From: Hill, John [mailto:jh...@columbuscontainer.com]
Sent: Thursday, August 26, 2010 12:58 PM
To: Shorewall Users
Subject: Re: [Shorewall-users] ipset help

I think I have found my solution.

I set up ipset lists

Blacklisthosts iphash
Blacklistnets ipnethash

I populated them.

In the blacklist file:

+Blacklistnet[src] tcp 25
+Blacklisthosts[src] tcp 25

Restarted Shorewall now it drops dst port 25 in these sets.

John R. Hill
Director Of Technologies
812-314-8920 option #3

-----Original Message-----
From: Tom Eastep [mailto:teas...@shorewall.net]
Sent: Thursday, August 26, 2010 9:45 AM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] ipset help

On 8/26/10 4:55 AM, Hill, John wrote:

> I have the new iptables and the 1.24 xtables-addons working. (Any
> reason not to upgrade this version?)

As I mentioned in an earlier post, I've been unable to make iptables play with ipset on Lenny with any later xtables-addons release.

> The new ipset 4.2 does not support binding. I have dug all over and
> tried different ideas, nothing works.

It was announced at least two years ago that binding was being de-implemented in ipsets.

>
> I am trying to block certain port traffic, only, on some networks and
> some individual hosts. I was able to do it using the previous
> Shorewall instructions, that no longer works without binding support.
> Can anyone point me to a tutorial.

man ipset

> It looks like the ipporthash and netporthash might work. The man pages
> are as vague as my emails.

Those will work.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
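
The two-set setup described in the thread, as an added example that is not part of the original messages: a script that sorts a block list into a host set and a network set, then prints the ipset commands and Shorewall blacklist lines for review instead of running them. Assumptions: ipset 4.x command syntax (`-N`, `-A`) with set types `iphash` and `nethash`, `nethash` taking prefixes /1 to /31, and constructed sample addresses from the documentation ranges.

```shell
#!/bin/sh
# Added example: prints ipset 4.x commands and Shorewall blacklist lines
# for review; nothing is executed against the kernel.
HOST_SET=Blacklisthosts   # set names as used in the thread
NET_SET=Blacklistnets

# Print the set an entry belongs in; fail on malformed input.
# Assumption: nethash takes prefixes /1-/31, so bare IPs and /32 go to iphash.
classify() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    if [ "$prefix" -eq 32 ]; then echo "$HOST_SET"
    elif [ "$prefix" -ge 1 ] && [ "$prefix" -le 31 ]; then echo "$NET_SET"
    else return 1
    fi
}

# Constructed sample input (documentation address ranges).
sample_list() {
    printf '%s\n' '# spam sources' 192.0.2.10 203.0.113.7/32 \
        198.51.100.0/24 10.0.0.0/33
}

# Read one entry per line on stdin; report and skip malformed lines.
emit_ipset() {
    echo "ipset -N $HOST_SET iphash"
    echo "ipset -N $NET_SET nethash"
    while read -r entry rest; do
        case $entry in ''|'#'*) continue ;; esac
        if set_name=$(classify "$entry"); then
            echo "ipset -A $set_name ${entry%/32}"
        else
            echo "skipped malformed entry: $entry" >&2
        fi
    done
}

# Shorewall blacklist columns: ADDRESS/SUBNET  PROTOCOL  PORT
emit_blacklist() {
    printf '+%s[src]\ttcp\t25\n' "$HOST_SET" "$NET_SET"
}

sample_list | emit_ipset
emit_blacklist
```

The set name after `+` in the blacklist file has to match the ipset name exactly, which is why both are generated from the same variables.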