On 02/23/2017 06:31 AM, Vieri Di Paola wrote:
> Hi,
>
> Regarding my previous post, geoip actually seems to be working
> with:
>
> DROP net1:!^[US,CA,EU,ES,PT,FR,DE,GB,IT,BE] all
> DROP net2:!^[US,CA,EU,ES,PT,FR,DE,GB,IT,BE] all
> DROP net3:!^[US,CA,EU,ES,PT,FR,DE,GB,IT,BE] all
>
> in *most cases*... which means that some packets do arrive to the
> underlying IPS system via NFQUEUE. The IPS also has a geo-ip rule
> with the SAME negated set of countries. The weird thing is that I
> see the IPS logging geoip drops when Shorewall&xtables-addons
> should have already dropped them all. Some (few) seem to slip
> through...
>

In the IPS logs, does it indicate the destination protocol and port of
the offending IPs?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
