On 04/19/2013 02:13 PM, Fred Maillou wrote:
> Hello,
>
> sshguard detects brute force attacks and blocks IPs according to a
> certain algorithm. For it to work it needs a rule:
>
> iptables -N sshguard
> iptables -A INPUT -j sshguard
>
> And so in Shorewall's started.d/ I created a file and added;

Shorewall has no started.d/ directory.

> #!/bin/bash
> iptables -N sshguard
> iptables -I INPUT 1 -j sshguard
>
> Which makes this rule the first one, after which the Shorewall rules are
> defined.
>
> Is this the right way to add such a rule ? When a packet enters it will
> go to sshguard. If the packet is not concerned by any rule in there,
> will it go back to the first Shorewall INPUT rule ?
>
> Thanks for suggestions/comments !

In /etc/shorewall/start:

run_iptables -N sshguard
run_iptables -I INPUT 1 -j sshguard

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
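An added check, not part of the original thread: after a Shorewall start or restart, confirm that the jump to the sshguard chain is still rule 1 of INPUT, as the `-I INPUT 1` in the reply intends. The function names are hypothetical and the sample text is constructed output in the format of `iptables -S INPUT`.

```shell
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.
# Input on stdin: text in the format printed by `iptables -S INPUT`
# (a "-P INPUT <policy>" line followed by "-A INPUT ..." rule lines).

# Print the 1-based position of the first INPUT rule that jumps to the given
# chain (default: sshguard). Exit status 1 if INPUT has no such rule.
jump_position() {
    local chain="${1:-sshguard}"
    awk -v chain="$chain" '
        $1 == "-A" && $2 == "INPUT" {
            pos++
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "--jump") && $(i + 1) == chain) {
                    print pos; found = 1; exit
                }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Succeed only when the jump is the very first INPUT rule. Packets that match
# nothing in the user-defined chain return to INPUT and continue at rule 2.
jump_is_first() {
    local pos
    pos="$(jump_position "${1:-sshguard}")" || return 1
    [ "$pos" -eq 1 ]
}

# Constructed sample: the jump was inserted with -I INPUT 1.
SAMPLE_OK='-P INPUT DROP
-A INPUT -j sshguard
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT'

# Constructed sample: the jump was appended with -A and sits behind other rules.
SAMPLE_LATE='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j sshguard'

printf '%s\n' "$SAMPLE_OK" | jump_is_first && echo "ok: sshguard is rule 1"
printf '%s\n' "$SAMPLE_LATE" | jump_is_first ||
    echo "late: sshguard is rule $(printf '%s\n' "$SAMPLE_LATE" | jump_position)"
```

On a live firewall the same check is `iptables -S INPUT | jump_is_first`, run as root.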
