I came across an interesting article on ipsets and would like to incorporate the techniques in it into my shorewall configuration. Right now I am using scripts in /etc/local.d to add the rules after shorewall has been started normally, but I'd like to be able to do it the right way.
http://www.linuxjournal.com/content/advanced-firewall-configurations-ipset?page=0,2

The rule I have set up matches packets with --state NEW and certain destination ports and then uses -j SET --add-set to add the source ip address to my blacklist ipset. What would be the right way to do this entirely within shorewall, without using an external script to modify the filter table after shorewall is done loading?
