On 02/28/2018 04:42 AM, Brian J. Murrell wrote: > I'm not really sure when this started but the only change to my > configuration recently was an upgrade of shorewall on the "master" from > 5.0.14.1 to 5.1.10.2. In any case, I seem to be getting this now: > > # /usr/sbin/shorewall-lite blacklist 185.170.42.18 > ERROR: The blacklist command is not supported in the current Shorewall > Lite configuration > > On the shorewall machine where the config is being pushed out from I do > have DYNAMIC_BLACKLIST=Yes in ./shorewall.conf and this has worked in > the past.
The documentation for the 'blacklist' command has always stated that it requires 'DYNAMIC_BLACKLIST='ipsec,...' to be available, and processing of the 'blacklist' command in 5.0.14.1 and 5.1.10.2 is identical. With DYNAMIC_BLACKLIST=Yes, the 'drop', 'reject', etc. commands are available. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
