On 2/23/2014 2:29 AM, Igor Sverkos wrote:
> Hi,
>
> 1) I have multiple (ip)sets containing addresses to blacklist. I could
> add them to the blrules file but for statistics (I need to know how
> many connections were blocked from set A and how many were blocked
> from set B) I need to differentiate between the sets.
>
> Can I do that with blrules or do I have to use the rules file?

You can use the blrules file.

>
> 2) I saw the "RATE LIMIT" and "CONNLIMIT" columns in the blrules file.
> Can somebody explain to me the usage scenario of these columns in
> blacklist? Does it mean if I set a limit of 10 cons per minute that
> only 10 connections per minute will be blacklisted?

Yes. The blrules file uses the same rule processor as the rules file, so the columns are the same. As a consequence, some of the columns in blrules may not be particularly useful.

>
>
> 3) I need to log each blacklisted connection attempt. But to prevent
> my logs from filling up with redundant data I'd like to set a log
> limit like "log only 1 connection attempt per host/dst port
> combination per n seconds" like I can do in the rules file. This
> doesn't seem to be possible with the blrules files, right?

You can set the LOGLIMIT option in shorewall.conf to limit logging by source IP.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
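An added illustration of the three answers above, not part of the original message and not taken from Shorewall's shipped files: one blrules entry per ipset, each with its own log tag so the sets can be told apart in the log, plus the LOGLIMIT setting. The zone name `net`, the set names `bl_a` and `bl_b`, the tags, the log level and the rate are all assumptions.

```conf
# /etc/shorewall/blrules
# One rule per ipset. The ACTION column takes ACTION[:log-level[:tag]];
# "+name" in SOURCE refers to an ipset. Zone, set names and tags are assumed.
#ACTION            SOURCE          DEST
DROP:info:bl_a     net:+bl_a       all
DROP:info:bl_b     net:+bl_b       all

# /etc/shorewall/shorewall.conf
# Format: [{s|d}:]rate/{sec|min|hour|day}[:burst]
# "s:" applies the limit per source IP. The rate and burst here are assumed.
LOGLIMIT="s:1/min:1"
```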
