I set up an SSH auto blacklist as the docs explained.
Using a modified stock rule in the ?new section:
AutoBL(SSH,-,-,-,REJECT,warn) net $FW tcp 22,2222
Also in the ?new section
I have a dnat rule for port 2222 to a loc:xxx.xxx.xxx.xxx:22
In ?all section
I have SSH(ACCEPT) all
If either rule is active the blacklist does not trigger on the active one.
Example: I # the dnat rule, reload, test, and show events will show hits.
Activate it and nothing?
I tried it unmodified with same results.
My goal is to monitor these 2 ports 2222 and 22 and blacklist repetitive
attempts.
Any help would be appreciated.
Thanks
John Hill
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users