On 04/04/2016 07:51 AM, Tom Eastep wrote:
> On 04/04/2016 01:53 AM, Florian Piekert wrote:
>> Hello everybody,
>>
>> I picked up something a few months back and now tried to switch it on on my 
>> box.
>>
>>> On 02/21/2016 04:41 AM, Benny Pedersen wrote:
>>>> iptables -I INPUT -p tcp --dport 25 -m string --algo bm --string
>>>> 'ylmf-pc' -j DROP
>>>>
>>>> how to add that silly bot to shorewall rules ?
>>>>
>>>
>>> Add this to the ESTABLISHED section:
>>>
>>> DROP net $FW    tcp     25 ;; -m string --algo bm --string 'ylmf-pc'
>>
>> I assumed it goes into the rules file and put it there accordingly.
>>
>> A shorewall dump |grep ylmf doesn't return anything though and I noticed
>> that ALL of my incoming mail connections are suffering from this blockage.
>>
>> What did I miss? I have scanned through the ML archive concerning this, but
>> seem to miss the crucial point somehow...
>>
> 
> That syntax only works on Shorewall 5 -- on Shorewall 4, you need:
> 
> DROP net $FW tcp 25 ; -m string --algo bm --string 'ylmf-pc'
> 
> and you need to set INLINE_MATCHES=Yes in shorewall.conf. Note that
> setting INLINE_MATCHES=Yes will make the compiler assume that
> *anything* after the semicolon is raw iptables input. So if you have
> used the ';' form of alternate column input, then you need to also
> switch those rules to use the {....} form instead. See
> http://www.shorewall.org/configuration_file_basics.htm#Pairs
> 

You will probably need to use this form instead or the compiler will
complain about the quotes:

INLINE(DROP) net $FW tcp 25 ; -m string --algo bm --string 'ylmf-pc'

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
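
An added example, not part of the thread and not Shorewall's own code: a small audit to run over a rules file before setting INLINE_MATCHES=Yes on Shorewall 4. It separates rules where ';' introduces raw iptables matches from rules where ';' introduces column pairs, which would then be read as iptables input and should move to the {...} form. The sample rules, the pair pattern (name=value, name:value or name=>value) and the function names are assumptions made for this illustration.

```python
import re

# Assumption: an alternate-input pair is name=value, name:value or name=>value.
PAIR = re.compile(r"\w+\s*(=>|=|:)\s*\S")

# Constructed sample rules file, not taken from a real system.
SAMPLE = """\
# mail filter
DROP net $FW tcp 25 ; -m string --algo bm --string 'ylmf-pc'
ACCEPT net $FW tcp 22 ; mark=0x10
ACCEPT net $FW { proto=tcp, dport=80 }
DROP net $FW tcp 25 ;; -m string --algo bm --string 'ylmf-pc'
"""

def classify(line):
    """Return (kind, head, tail) for a rule containing ';', else None."""
    body = line.split("#", 1)[0].rstrip()   # simplified comment stripping
    if ";;" in body:                        # the form that needs Shorewall 5
        head, tail = body.split(";;", 1)
        return "inline-v5", head.rstrip(), tail.strip()
    if ";" not in body:
        return None
    head, tail = body.split(";", 1)
    head, tail = head.rstrip(), tail.strip()
    if tail.startswith(("-", "!")):         # looks like raw iptables matches
        return "inline", head, tail
    if PAIR.match(tail):                    # ';' used for column pairs
        return "pairs", head, tail
    return "unknown", head, tail

def audit(text):
    """List (lineno, kind, advice) for every line affected by INLINE_MATCHES."""
    advice = {
        "inline-v5": "';;' form: only works on Shorewall 5",
        "inline": "needs INLINE_MATCHES=Yes on Shorewall 4",
        "unknown": "review by hand",
    }
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        result = classify(line)
        if result is None:
            continue
        kind, head, tail = result
        note = advice.get(kind) or "rewrite as: %s { %s }" % (head, tail)
        findings.append((lineno, kind, note))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d [%s] %s" % finding)
```

Any rule reported as "pairs" has to be rewritten before INLINE_MATCHES=Yes is enabled.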