On 07/25/2013 07:02 AM, Tiemen Ruiten wrote:
> On 07/25/2013 03:33 PM, Tom Eastep wrote:
>> On 07/25/2013 04:33 AM, Tiemen Ruiten wrote:
>>> Hello shorewall users,
>>>
>>> I'm testing the new Events feature in shorewall 4.5.19 (on Arch
>>> Linux) and noticed there are a few things that seem to be amiss:
>>>
>>> - in /usr/share/shorewall/action.IfEvent, line 50, it says
>>> second, not seconds (as is documented in the iptables-extensions
>>> man page).
>> Interestingly enough, 'second' seems to be accepted, at least by
>> iptables 1.4.15.
>>> - to use SSH limiting as is described in the example on
>>> http://www.shorewall.net/Events.html, I need to define an
>>> additional SSH_BLACKLIST action in /etc/shorewall/actions or
>>> shorewall check will fail with:
>>>
>>> ERROR: Unknown ACTION (SSH_BLACKLIST)
>>> /usr/share/shorewall/action.IfEvent
>>>
>>> - after I add the SSH_BLACKLIST action I get the following
>>> warning when running shorewall check:
>>>
>>> Checking /etc/shorewall/action.SSH_BLACKLIST for chain
>>> SSH_BLACKLIST... WARNING: Log Prefix shortened to
>>> "Shorewall:SSH_BLACKLIST:LOG: "
>> You can ignore that -- I used the name 'SSH_BLACKLIST' because
>> that's what the original web article used.
>>
>>> /etc/shorewall/action.SSH_BLACKLIST (line 10) from
>>> /usr/share/shorewall/action.IfEvent (line 138) from
>>> /etc/shorewall/action.SSH_LIMIT (line 14) from
>>> /etc/shorewall/rules (line 37)
>>>
>>>
>>> - shorewall check validates the configuration, but when I do a
>>> shorewall restart I get the following error:
>>>
>>> Running /sbin/iptables-restore... iptables-restore v1.4.19.1:
>>> unknown option "--reap" Error occurred at line: 85 Try
>>> `iptables-restore -h' or 'iptables-restore --help' for more
>>> information. ERROR: iptables-restore Failed. Input is in
>>> /var/lib/shorewall/.iptables-restore-input Processing
>>> /etc/shorewall/stop ... Processing /etc/shorewall/tcclear ...
>>> Running /sbin/iptables-restore... IPv4 Forwarding Enabled
>>> Processing /etc/shorewall/stopped ...
>>> /usr/share/shorewall/lib.common: line 113: 9618 Terminated
>>> $SHOREWALL_SHELL $script $options $@
>>>
>>> The contents of iptables-restore-input are in the attachment.
>>>
>>> Anything I can do to work around or fix this?
>> Hmmm -- a similar rule works in my configuration (Debian Wheezy
>> with iptables 1.4.15 + xtables-addons), even with 'second' rather
>> than 'seconds'. If you correct that typo in
>> /usr/share/shorewall/action.IfEvent, does the problem go away?
>>
> Changing line 101 in /usr/share/shorewall/action.IfEvent
> from
> $duration .= '--reap ';
> to
>
> $duration .= '';

The command is valid as released -- if you have to hack up the code to
make it work, there is something wrong with your kit.

>
> I can make shorewall compile, but blacklisting doesn't seem to work. I
> corrected the second/seconds typo as well.
>
> I made multiple attempts to login via SSH, unfortunately nothing was
> logged and no connection attempts were blocked.
>
> Should there be an SSH_COUNTER event defined as well?

Yes.

Please forward the output of 'shorewall dump' collected as described at
http://www.shorewall.net/support.htm#guidelines

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
