Hi All!

Been quite a few years and lots of water under the bridge but here I am back!

I have a customer that has now decided they need a bit more bandwidth over and 
above their fixed line! They are not in a good area for ADSL because of copper 
theft and being a bit too far from the closest DSLAM! They have installed a 
wireless link and I have made certain that put it behind my simple iptables 
firewall! My old script will no longer cut it as I need all the raw power of 
Shorewall! I had total success with it in the past in a very complex 
situation! Almost like multiple DMZ type of setup!
Since those days the simple script based iptables generator has served me 
well!
Re-reading all the documentation the standardish 2 interface will do pretty 
well plus adding the extra bits to handle the two internet lines on one 
interface! What a joy that they both have static IPs!
I don't see any real problems in getting it up and running!

Now comes the little problem!

I chose many years ago to use sshdfilter because it was the most effective sshd 
blocker I found! Only suffers from a little problem!  It needs a table/chain 
created called SSHD and then a rule added like this!

# patched for sshdfilter
/sbin/iptables -I INPUT -p tcp -m tcp --dport 22 -j SSHD

The rest of the sshdfilter doing its work of adding and removing IP addresses from 
the DROP table should be of no concern!

Now I had had a bit of a go at trying to figure out how to add the table and 
the rule but maybe I'm just asking the wrong question in Google! Even this 
mail list, although it has a bit on brute force ssh attacks and discusses 
sshdfilter, there is no reference to Shorewall and creating the required extras!

At a guess I would start with the actions file to add a rule but adding the 
SSHD table is another whole story!

Any ideas anyone! Crack this one and Shorewall will go back into all my 
customers! My old script is past its sell-by date!

Cheers

Ang


-- 
Angela Williams
angierfw at gmail dot com
Linux/Networking Hacker
Blog http://angierfw.wordpress.com

Smile! Jesus Loves You!

