On 07/25/2013 06:33 AM, Tom Eastep wrote:
> On 07/25/2013 04:33 AM, Tiemen Ruiten wrote:
>> Hello shorewall users,
>>
>> I'm testing the new Events feature in shorewall 4.5.19 (on Arch Linux)
>> and noticed there are a few things that seem to be amiss:
>>
>> - in /usr/share/shorewall/action.IfEvent, line 50, it says second, not
>> seconds (as is documented in the iptables-extensions man page).
> Interestingly enough, 'second' seems to be accepted, at least by
> iptables 1.4.15.
>> - to use SSH limiting as is described in the example on
>> http://www.shorewall.net/Events.html, I need to define an additional
>> SSH_BLACKLIST action in /etc/shorewall/actions or shorewall check will
>> fail with:
>>
>> ERROR: Unknown ACTION (SSH_BLACKLIST) /usr/share/shorewall/action.IfEvent
>>
>> - after I add the SSH_BLACKLIST action I get the following warning when
>> running shorewall check:
>>
>> Checking /etc/shorewall/action.SSH_BLACKLIST for chain SSH_BLACKLIST...
>>    WARNING: Log Prefix shortened to "Shorewall:SSH_BLACKLIST:LOG: "
> You can ignore that -- I used the name 'SSH_BLACKLIST' because that's
> what the original web article used.
>
>> /etc/shorewall/action.SSH_BLACKLIST (line 10)
>>       from /usr/share/shorewall/action.IfEvent (line 138)
>>       from /etc/shorewall/action.SSH_LIMIT (line 14)
>>       from /etc/shorewall/rules (line 37)
>>
>>
>> - shorewall check validates the configuration, but when I do a shorewall
>> restart I get the following error:
>>
>> Running /sbin/iptables-restore...
>> iptables-restore v1.4.19.1: unknown option "--reap"
>> Error occurred at line: 85
>> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
>>    ERROR: iptables-restore Failed. Input is in
>> /var/lib/shorewall/.iptables-restore-input
>> Processing /etc/shorewall/stop ...
>> Processing /etc/shorewall/tcclear ...
>> Running /sbin/iptables-restore...
>> IPv4 Forwarding Enabled
>> Processing /etc/shorewall/stopped ...
>> /usr/share/shorewall/lib.common: line 113:  9618 Terminated
>>  $SHOREWALL_SHELL $script $options $@
>>
>> The contents of iptables-restore-input are in the attachment.
>>
>> Anything I can do to work around or fix this?
> Hmmm -- a similar rule works in my configuration (Debian Wheezy with
> iptables 1.4.15 + xtables-addons), even with 'second' rather than
> 'seconds'. If you correct that typo in
> /usr/share/shorewall/action.IfEvent, does the problem go away?
In fact, your same rule works as expected here (please pardon the HTML
-- Thunderbird folds long lines in plain text mode):

root@gateway:~/iptables-1.4.15/extensions# iptables -N %IfRecent
root@gateway:~/iptables-1.4.15/extensions# iptables -N SSH_BLACKLIST
root@gateway:~/iptables-1.4.15/extensions# iptables -A %IfRecent -m recent --rcheck --second 120 --reap --hitcount 5 --name SSH --rsource -j SSH_BLACKLIST
root@gateway:~/iptables-1.4.15/extensions#

-Tom

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
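An added diagnostic for the iptables-restore failure discussed above; it is not part of Shorewall, iptables or this thread. Given the restore input Shorewall leaves behind and the line number from the "Error occurred at line: N" message, it prints the '-m recent' options on that rule that the local iptables does not advertise in 'iptables -m recent --help'. The restore input and the help text below are constructed samples standing in for /var/lib/shorewall/.iptables-restore-input and the real help output.

```shell
#!/bin/sh
# Added diagnostic (not Shorewall's or iptables' own code).
# Usage: unsupported_recent_opts RESTORE_INPUT LINE_NUMBER HELP_TEXT_FILE

RESTORE=$(mktemp); HELP=$(mktemp)
trap 'rm -f "$RESTORE" "$HELP"' EXIT

# Constructed stand-in for /var/lib/shorewall/.iptables-restore-input
cat >"$RESTORE" <<'EOF'
*filter
:%IfRecent - [0:0]
-A %IfRecent -m recent --rcheck --second 120 --reap --hitcount 5 --name SSH --rsource -j SSH_BLACKLIST
COMMIT
EOF

# Constructed stand-in for 'iptables -m recent --help' on a build whose
# recent match lacks --reap (only the option names matter here).
cat >"$HELP" <<'EOF'
recent match options:
[!] --set                       Add source address to list
[!] --rcheck                    Match if source address in list
[!] --update                    Match if source address in list, update last-seen time
    --seconds seconds           For check and update commands above.
    --hitcount hits             For check and update commands above.
    --name name                 Name of the recent list to be used.
    --rsource                   Match/Save the source address of each packet
EOF

# Long options the help text advertises, one per line.
help_opts() { grep -o -- '--[a-z]*' "$1" | sort -u; }

# Long options used between '-m recent' and '-j' on line $2 of file $1.
recent_opts() {
    sed -n "${2}p" "$1" | sed 's/.*-m recent //; s/ -j .*//' | grep -o -- '--[a-z]*'
}

# Report each option on the rule that is not an unambiguous prefix of an
# advertised option. iptables parses long options with getopt_long, which
# accepts unique abbreviations, so '--second' passes for '--seconds' while
# '--reap' (absent from the help text) is reported.
unsupported_recent_opts() {
    recent_opts "$1" "$2" | while read -r opt; do
        n=$(help_opts "$3" | grep -c "^$opt" || true)
        [ "$n" -eq 1 ] || echo "$opt"   # 0 = unknown, >1 = ambiguous
    done
}

unsupported_recent_opts "$RESTORE" 3 "$HELP"   # prints --reap
```

On a real system, replace the two constructed files with the restore input path from the error message and the output of 'iptables -m recent --help'.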



_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users