Hi, I've recently blocked a bunch of IP addresses from a country with a red flag, one big golden star in the top left corner and 4 smaller stars next to it, building the shape of a semi circle. Many rules in /etc/shorewall/blacklist are valid and effective, like e.g. 208.115.192.0/18 216.245.192.0/19 221.200.0.0/14 I can see blacklist logs in syslog.
But I have one rule that doesn't block requests: 58.208.0.0/12 I have for sure restarted shorewall (using Shorewall-4.4.11.2), but I still get port scans and http requests from 58.218.199.227 An iptables -L -n shows the entry in the blacklist: Chain blacklog (34 references) target prot opt source destination LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:' DROP all -- 0.0.0.0/0 0.0.0.0/0 Chain blacklst (14 references) target prot opt source destination blacklog all -- 58.208.0.0/12 0.0.0.0/0 I have for sure equipped all external interfaces with the blacklist option: net ppp0 - blacklist net ppp1 - blacklist net ippp1 - blacklist net ippp0 - blacklist net tun1 - blacklist net tun2 - blacklist vpn tun3 - blacklist loc eth0 detect loc eth1 detect loc eth2 detect And BTW, the 58.208... reference is the only one in iptables -L -n. How can I for sure block that IP? I thought, it was included in the above rule. Do I have to worry about my kernel being tainted? Thanx for any hints Rergards Michael ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
