I would like to add in a blacklist from lists of known bad IPs/Domains (scammers/spammers/phishers/etc.), but seem to be having some problems.

I add the list to the /etc/shorewall/blacklist file and then either restart or refresh shorewall, but it never finishes. When I look at iptables while shorewall is starting I see a number of rules added, but then I see a number of rules added for dropping from the opendns fail servers (hit-nxdomain.opendns.com and hit-servfail.opendns.com). I assume these are from it doing lookups on domains that are no longer there since the list was compiled, so it ends up adding rules blocking those, which then seems to halt the list processing shortly thereafter.

I tried adding ACCEPT rules in for the ip ranges and domain names for the opendns servers but it didn't make a difference (apparently the blacklist processing overrides the rules in the rules file?).

Is there anything I can do short of pre-processing the lists to filter out the no-longer-there domains?

I'm currently using shorewall 3.4.8 (yeah, I know, I just haven't taken the time to upgrade and figure out what all I would need to reconfigure, since this is my VPS box).


Thanks.


Mark II


--
Mark D. Montgomery II
http://www.techiem2.net


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
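The poster's diagnosis is that Shorewall resolves every hostname in the blacklist at start time, and that OpenDNS answers lookups for expired names with its own hit-nxdomain / hit-servfail guide addresses, so those addresses end up in DROP rules. The pre-processing the poster wanted to avoid is the safe fallback, and the script below (an added example, written for this page; it is not the poster's code and not part of Shorewall) shows one way to do it offline of Shorewall: it resolves the two OpenDNS sentinel names the poster observed, records whatever addresses they return instead of hard-coding any, then drops every blacklist hostname that fails to resolve or resolves onto one of those sinkhole addresses. Literal addresses, networks and MAC entries pass through untouched. It assumes the 3.x blacklist layout of whitespace-separated columns with the address, network or domain in the first column and `#` comment lines; the hostnames and RFC 5737 addresses in the embedded sample zone are constructed for the offline demo, not real lookups.

```python
#!/usr/bin/env python3
"""Pre-filter a Shorewall blacklist so expired domains do not turn into DROP
rules for the resolver's NXDOMAIN/SERVFAIL sinkhole addresses.

Added example for this mailing-list page; not the poster's code, not Shorewall's.
Usage: pre_filter_blacklist.py /etc/shorewall/blacklist > blacklist.clean
With no argument it runs against the constructed sample data below.
"""
import ipaddress
import socket
import sys
from typing import Callable, Dict, List, Set, Tuple

# Names the poster saw being blocked. Their addresses are resolved at run time
# (assumption: the resolver in use is OpenDNS, which redirects dead names here).
SINKHOLE_NAMES = ("hit-nxdomain.opendns.com", "hit-servfail.opendns.com")

Resolver = Callable[[str], List[str]]  # hostname -> IPv4 strings, raises OSError on failure


def default_resolver(name: str) -> List[str]:
    """Real lookup through the system resolver, the same path Shorewall takes."""
    _, _, addrs = socket.gethostbyname_ex(name)
    return addrs


def sinkhole_addresses(resolve: Resolver) -> Set[str]:
    """Collect every address the resolver hands out for the sentinel names."""
    found: Set[str] = set()
    for name in SINKHOLE_NAMES:
        try:
            found.update(resolve(name))
        except OSError:
            pass  # resolver does not redirect (or name is gone): nothing to filter on
    return found


def is_literal_entry(token: str) -> bool:
    """True for IPv4/IPv6 addresses or CIDRs and ~MAC entries: never resolved."""
    if token.startswith("~"):  # Shorewall MAC notation, e.g. ~00-11-22-33-44-55
        return True
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False


def filter_blacklist(lines, resolve: Resolver = default_resolver) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Return (lines to keep, [(dropped hostname, reason), ...])."""
    sinkholes = sinkhole_addresses(resolve)
    kept: List[str] = []
    dropped: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.rstrip("\n")
        body = line.strip()
        if not body or body.startswith("#"):
            kept.append(line)  # blank and comment lines pass through
            continue
        target = body.split()[0]  # ADDRESS/SUBNET column (assumed first)
        if is_literal_entry(target):
            kept.append(line)
            continue
        try:
            addrs = resolve(target)
        except OSError as exc:
            dropped.append((target, f"lookup failed: {exc}"))
            continue
        hits = sinkholes.intersection(addrs)
        if hits:
            dropped.append((target, f"resolves to sinkhole {sorted(hits)}"))
            continue
        kept.append(line)
    return kept, dropped


# Constructed sample zone for the offline demo (RFC 5737 addresses, made-up names).
FAKE_ZONE: Dict[str, List[str]] = {
    "hit-nxdomain.opendns.com": ["198.51.100.1"],
    "hit-servfail.opendns.com": ["198.51.100.2"],
    "live-phisher.example": ["203.0.113.7"],
    "gone-scammer.example": ["198.51.100.1"],  # expired name, redirected by resolver
}


def fake_resolver(name: str) -> List[str]:
    """Stand-in for DNS: answers from FAKE_ZONE, fails like a real NXDOMAIN otherwise."""
    try:
        return FAKE_ZONE[name]
    except KeyError:
        raise socket.gaierror(f"{name}: Name or service not known") from None


SAMPLE_BLACKLIST = """\
#ADDRESS/SUBNET         PROTOCOL        PORT
192.0.2.0/24
live-phisher.example
gone-scammer.example
honest-nxdomain.example tcp             25
"""


def demo():
    """Run the filter over the constructed sample with the fake resolver."""
    return filter_blacklist(SAMPLE_BLACKLIST.splitlines(), resolve=fake_resolver)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            kept, dropped = filter_blacklist(fh)
    else:
        kept, dropped = demo()
    for name, why in dropped:
        print(f"dropped {name}: {why}", file=sys.stderr)
    print("\n".join(kept))
```

Resolving the sentinel names at run time rather than pinning their addresses matters: if OpenDNS moves the guide hosts, a hard-coded list silently stops filtering, whereas this script only fails open when the sentinel lookups themselves fail, which is printed nowhere but is visible as an empty drop list. Run it from cron before each refresh so the file Shorewall reads never contains a name that the resolver would turn into one of its own addresses.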
