-----Original Message-----
From: Tom Eastep [mailto:[email protected]]
Sent: Friday, August 21, 2015 2:12 PM
To: [email protected]
Subject: Re: [Shorewall-users] Syntax?
On 08/21/2015 11:56 AM, Seth Bardash wrote:
> In an effort to limit DNS hits I added this to the rules file:
>
> AutoBL(NS1,30,20,-,1200,DROP,err) net dmz:192.168.3.XXX udp 53 ## Auto Blacklist NS1
> AutoBL(NS2,30,20,-,1200,DROP,err) net dmz:192.168.3.XXY udp 53 ## Auto Blacklist NS2
> AutoBL(NS3,30,20,-,1200,DROP,err) net dmz:192.168.3.XXZ udp 53 ## Auto Blacklist NS3
> AutoBL(NS4,30,20,-,1200,DROP,err) net dmz:192.168.3.XXA udp 53 ## Auto Blacklist NS4
>
> I also set up the DNS servers for no recursion and rate-limit of 5.
> This gets me to reject most of the packets but I would like to
> stop them at the firewall.
>
> It works and does what it is supposed to but I want to limit or
> eliminate the AutoBL and the %AutoBL entries in the shorewall log.
>
> I tried :
>
> AutoBL(NS1,30,20,-,1200,DROP,err):none net dmz:192.168.3.XXX udp 53 ## Auto Blacklist NS1
>
> but this does not do anything.
>
> Any help with syntax would be appreciated.
AutoBL(NS1,30,20,-,1200,DROP,none) ...

This gives an error:

Compiling /usr/share/shorewall/action.AutoBL for chain AutoBL...
Perl Script Returned False /usr/share/shorewall/action.AutoBL (line 37)
from /etc/shorewall/rules (line 343)

That is why I used err instead.

Also note that if 30 is used in the hitcount field the program
aborts on restart, i.e.:

AutoBL(NS1,30,30,-,1200,DROP,err):none

or a time of 3600 also aborts the restart.

Running
[root@fw20m shorewall]# shorewall version
4.6.8
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________