On Mon, May 28, 2012 at 10:29 PM, Tom Eastep <[email protected]> wrote:
>
> Make that the ADD action.
>
I managed to find it anyway but now I'm running into another difficulty. How do I express in /etc/shorewall/rules that I want to match all packets whose source (or destination) port matches a bitmap:port ipset? Adding +setname to what seems to be the right column doesn't actually work.

What I want to have is an ipset consisting of ports for which any attempt to connect to them from the internet will automatically cause the source ip address to be added to a blacklist ipset. (In the future I will invert this rule to an ipset holding a whitelist of ports for which incoming connections are allowed and will send all other connection attempts directly to the ip blacklist).
