On 08/21/2015 01:38 PM, Tom Eastep wrote: > > > On 08/21/2015 01:20 PM, Seth Bardash wrote: >> -----Original Message----- >> From: Tom Eastep [mailto:[email protected]] >> Sent: Friday, August 21, 2015 2:12 PM >> To: [email protected] >> Subject: Re: [Shorewall-users] Syntax? >> >>> >>> Any help with syntax would be appreciated. >> >> AutoBL(NS1,30,20,-,1200,DROP,none) ... >> >> This gives an error: >> >> Compiling /usr/share/shorewall/action.AutoBL for chain AutoBL... >> Perl Script Returned False /usr/share/shorewall/action.AutoBL >> (line 37) >> from /etc/shorewall/rules (line 343) >> >> That is why I used err instead. >> >> Also note that if 30 is used in the hitcount field the program >> abort on resart- ie: >> >> AutoBL(NS1,30,30,-,1200,DROP,err):none >> >> or a time of 3600 also aborts the restart. >> >> Running >> [root@fw20m shorewall]# shorewall version >> 4.6.8 > > The attached patch will allow you to specify 'none' in the last > parameter. I'll look at the other issues. >
The maximum hitcount is determined by the 'ip_pkt_list_tot' parameter to the xt_recent module. The default appears to be 20. So if you want to use a value larger than 20, you need to adjust that parameter. I'm unable to reproduce the issue with 3600 -- what shows up in the system log when you experience the failure? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
