Hi,

Suppose I have rules such as:

ACCEPT net $FW tcp 80,443
DNAT net loc:IP tcp 3389
[...etc...]

I'd like to automatically/dynamically blacklist all IP addresses of hosts that try to connect to any other unlisted port (e.g. port tcp 2222 or 1234, etc.). So if a host tries to connect to port tcp 1234 (on which my site does not serve anything), I'd like the "net" SRC address to be blacklisted "globally", i.e. it should not be able to connect to ANY port, not even those listed above (80,443,3389), for at least 1 hour.

I've read about Shorewall events (BTW there's a missing ',-' in the example 'AutoBL(SSH,-,-,-,REJECT,warn)'), but I'm not sure if it fits my needs.

The following doesn't seem to do what I want:

ACCEPT net $FW tcp 80,443
DNAT net loc:IP tcp 3389
[...etc...]
AutoBL(ABL,10,1,-,3600,REJECT,info) net $FW all

Aren't the IP addresses in ABL_BL supposed to be REJECTed regardless of where they're trying to connect to?

Maybe there's a simpler way to do this with Shorewall actions and dynamic blacklisting?

Thanks,
Vieri
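The behaviour the post asks for, as an added example that is not part of the original message and is not Shorewall's own AutoBL implementation: a generic first-match rule model with a time-windowed event counter and an expiring, globally enforced blacklist. The parameters mirror the post's rule (one event is enough, 3600 seconds of blacklisting); the interval value, the helper names and the connection log are assumptions constructed for illustration. The `blacklist_first` switch shows the general first-match property that a blacklist check only reaches every port if it is evaluated before the ACCEPT rules.

```python
# Added example, not Shorewall code: models a dynamic, expiring blacklist
# in a first-match rule set. Names and sample data are assumptions.
from collections import deque
from dataclasses import dataclass, field

SERVED_PORTS = {80, 443, 3389}  # ports served in the post's rules
INTERVAL = 60                   # assumed event-counting window (seconds)
COUNT = 1                       # events within INTERVAL that trigger the blacklist
BLACKLIST_TIME = 3600           # seconds a source stays blacklisted (post: 1 hour)


@dataclass
class AutoBlacklist:
    interval: int = INTERVAL
    count: int = COUNT
    blacklist_time: int = BLACKLIST_TIME
    events: dict = field(default_factory=dict)     # src -> deque of timestamps
    blacklist: dict = field(default_factory=dict)  # src -> expiry timestamp

    def is_blacklisted(self, src, now):
        """True while src has an unexpired blacklist entry; expired entries are dropped."""
        expiry = self.blacklist.get(src)
        if expiry is None:
            return False
        if now >= expiry:
            del self.blacklist[src]
            return False
        return True

    def record_event(self, src, now):
        """Record one offending connection; return True if src just got blacklisted."""
        q = self.events.setdefault(src, deque())
        q.append(now)
        while q and now - q[0] > self.interval:   # forget events outside the window
            q.popleft()
        if len(q) >= self.count:
            self.blacklist[src] = now + self.blacklist_time
            q.clear()
            return True
        return False


def evaluate(abl, src, dport, now, blacklist_first=True):
    """Verdict for one connection attempt under first-match rule evaluation.

    blacklist_first=True: the blacklist check precedes the ACCEPT rules, so a
    blacklisted host is rejected on every port. False: the ACCEPT rules come
    first and a blacklisted host still reaches the served ports; the
    blacklist only applies to the unserved ports handled by the last rule.
    """
    if blacklist_first and abl.is_blacklisted(src, now):
        return "REJECT"
    if dport in SERVED_PORTS:
        return "ACCEPT"
    if abl.is_blacklisted(src, now):
        return "REJECT"
    abl.record_event(src, now)   # probe of an unserved port counts as an event
    return "REJECT"


# Constructed sample log: (timestamp, source address, destination port).
CONNECTION_LOG = [
    (0,    "203.0.113.7",  80),    # normal request
    (0,    "198.51.100.9", 443),   # well-behaved client
    (5,    "203.0.113.7",  1234),  # probe of an unserved port -> blacklisted
    (10,   "203.0.113.7",  443),   # served port, but host is now blacklisted
    (3700, "203.0.113.7",  443),   # entry expired after 3600 s -> accepted again
]


def run_scenario(blacklist_first=True):
    """Return [(src, dport, verdict), ...] for the sample log."""
    abl = AutoBlacklist()
    return [(src, dport, evaluate(abl, src, dport, t, blacklist_first))
            for t, src, dport in CONNECTION_LOG]


if __name__ == "__main__":
    for order in (True, False):
        print(f"blacklist check before ACCEPT rules: {order}")
        for src, dport, verdict in run_scenario(order):
            print(f"  {src:>14} -> {dport:<5} {verdict}")
```

With the blacklist check first, the probe at t=5 rejects the host on port 443 at t=10 and the entry ages out by t=3700; with the ACCEPT rules first, the same host is still accepted on 443 at t=10, which is the "not global" outcome the post describes.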