Hi, I figured out how to do this using the rules file:

    SECTION BLACKLIST
    WHITELIST loc:10.1.1.107 all
    INCLUDE /etc/shorewall/https

In /etc/shorewall/https:

    DROP loc net:173.252.100.27

Now I have another question: to reload the blacklist I'm using the command:

    shorewall refresh loc2net

and the rule appears if I use the command iptables -L, but the blocking doesn't work using the refresh command. It only works if I use the shorewall restart command. Why does the rule appear but only work if I restart Shorewall?

In shorewall.conf I have the option:

    BLACKLISTNEWONLY=No

Thanks again,
Wilson

-----Original message-----
From: Benny Pedersen [mailto:[email protected]]
Sent: Wednesday, February 27, 2013 16:32
To: [email protected]
Subject: Re: [Shorewall-users] blacklist and whitelist

Wilson A. Galafassi Jr. wrote on 2013-02-27 19:59:

> 10.1.106 tcp 443 whitelist
> INCLUDE /etc/shorewall/https (my blacklist)
>
> How to exclude the internal ip and firewall ip from that blacklist?

Change it to use the blrules file: start with the whitelist at the top of the file, and then follow it with a blacklist in the same file. That should be it, imho :)

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
