> On 04/19/2013 02:13 PM, Fred Maillou wrote:
> > Hello,
> >
> > sshguard detects brute force attacks and blocks IPs according to a
> > certain algorithm. For it to work it needs a rule:
> >
> > iptables -N sshguard
> > iptables -A INPUT -j sshguard
> >
> > And so in Shorewall's started.d/ I created a file and added;
>
> Shorewall has no started.d/ directory.
I've been working with those systems for so long that I forgot about
that. Those systems do have Shorewall st*.d directories. The main
start/started/stop/stopped files have a run-parts <directory> in them.
This enables different processes/features of the system to add to the
firewall without modifying a single start/stop file. It makes it easier
to add various clearly identified small components to the
firewall. The systems are configured by end users. Depending on what
users choose, independent processes can add to the firewall in this
way.
This being said, this hasn't been used much, and there is a major
drawback to this initial way of doing things, which is the assumption
that everything works and that there's no need to catch errors.
Time to update this old way, then.
It would be nice to keep the same modularity while being able to return
error codes to Shorewall so that Shorewall could run something like
stop_firewall when something's wrong.
Currently, if a run-parts located in the started file returns 1,
Shorewall does:
Processing /etc/shorewall/started ...
run-parts: /etc/shorewall/started.d/filler exited with return code 1
done.
And the firewall is up and running even if there was an error.
So, is there a Shorewall call that could be used, similar perhaps to
run_iptables, to execute any type of script/utility returning either 0
or 1? This call could be used to execute the main run-parts.
Thanks for any comments/suggestions !
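The failure mode described above is that run-parts reports a failing drop-in script and still hands a success status back to the extension script, so the firewall comes up with a piece missing. The following is an added example, not code from this thread or from Shorewall itself: a small POSIX shell replacement for the run-parts call that runs the drop-in scripts in lexical order, stops at the first non-zero exit and returns that status to the caller, so the extension script can decide to abort rather than carry on. The function name, the skip patterns, and the constructed demo directory are assumptions made for illustration; whether Shorewall then tears the firewall down on a non-zero status from a sourced extension script is exactly the open question in the message and is not settled by this code.

```shell
#!/bin/sh
# Strict stand-in for `run-parts DIR` inside a Shorewall extension script
# such as /etc/shorewall/started. A bare run-parts logs "exited with return
# code N" and still returns 0 to its caller; this loop instead stops at the
# first failing drop-in and returns that script's exit status, so the caller
# cannot silently continue with a partially built firewall.
# Added example; function and file names are assumptions, not Shorewall API.

run_parts_strict() {
    dir=$1
    [ -d "$dir" ] || return 0          # no drop-in directory: nothing to run
    for script in "$dir"/*; do
        # only regular, executable files are candidates
        [ -f "$script" ] && [ -x "$script" ] || continue
        # skip editor backups and package-manager leftovers, as run-parts does
        case "${script##*/}" in
            *~|*.bak|*.dpkg-*|*.rpm*) continue ;;
        esac
        if "$script"; then
            :
        else
            rc=$?
            echo "run_parts_strict: $script exited with return code $rc" >&2
            return "$rc"             # propagate the failure; later scripts do not run
        fi
    done
    return 0
}

# Build a constructed drop-in directory to exercise the function
# (sample scripts for the demo, not real firewall hooks).
make_demo_dir() {
    d=$(mktemp -d)
    printf '#!/bin/sh\nexit 0\n' > "$d/10-ok"
    printf '#!/bin/sh\nexit 3\n' > "$d/20-fail"
    printf '#!/bin/sh\ntouch "%s/30-ran"\n' "$d" > "$d/30-never"
    chmod +x "$d/10-ok" "$d/20-fail" "$d/30-never"
    echo "$d"
}

# Intended use from the extension script (assumed path), so that a failing
# drop-in makes the extension script itself exit non-zero instead of being
# logged and ignored:
#   run_parts_strict /etc/shorewall/started.d || exit $?
```

Run against the constructed directory, the function returns 3 from `20-fail` and never executes `30-never`; once `20-fail` is removed it returns 0 and `30-never` runs. On Debian-derived systems `run-parts --exit-on-error` gives the same stop-on-first-failure behaviour with the stock tool, but that option is not present in every run-parts implementation, which is why a plain shell loop is shown here.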
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users