Hello, I am currently trying to utilize the Shorewall Dynamic Blacklist to block some hosts via fail2ban.
The part with fail2ban detection and filing a block works well, nonetheless... the block itself doesn't actually happen. I can send a "shorewall show dynamic" and it will list all blocked IPs, but they just continue to connect.

shorewall.conf:

    BLACKLIST=ALL
    DYNAMIC_BLACKLIST=Yes
    BLACKLIST_DISPOSITION=DROP

I have been trying to make the blacklist work by setting the "BLACKLIST" keyword on the zones/interfaces, but they are all deprecated. And the dynamic_blacklist page on shorewall doesn't really explain what you have to do to enable blacklisting anywhere. I've checked the default configs and tried to find something on Google, but there is nothing.

my "blrules" is: empty

my interfaces:

    #ZONE   INTERFACE   OPTIONS
    net     eth0
    vpn     tun0

my zones:

    #ZONE   TYPE        OPTIONS     IN          OUT
    #                               OPTIONS     OPTIONS
    fw      firewall
    net     ipv4
    vpn     ipv4

my policy:

    #                               LEVEL       BURST       MASK
    fw      all     ACCEPT
    vpn     all     ACCEPT
    net     all     DROP            info
    all     all     REJECT          info

I have absolutely no idea why it isn't working. The logs are full of

    Failed password for invalid user X from 206.XXX.XXX.85 port 60876 ssh2

while I can see

    # shorewall show dynamic | grep 206.XXX.XXX.85
    0 0 DROP all -- * * 206.XXX.XXX.85 0.0.0.0/0

I am using Shorewall 5.0.15.6 on Debian 9 now, but my config is probably a couple of years old. So how can I enable blacklisting or make them stop connecting? I even set my blacklist to 7 days, but they just keep connecting over and over... just like the blacklist didn't exist. Help/Ideas appreciated. Cheers
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
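A diagnostic check for the situation described in the post, added here as an example (it is not part of the original message and not Shorewall's own tooling): it parses a "shorewall show dynamic" listing in iptables -nvL layout (the sample below is constructed, modelled on the line quoted above) and reports whether the dynamic chain is referenced at all, whether a DROP entry for the address exists, and whether that entry's packet counter has moved. The "0 0" counters quoted in the post mean the rule has never matched since it was added, so the sessions reaching sshd are not traversing it; that is a different failure from the entry being missing.

```shell
#!/bin/sh
# Constructed sample of a `shorewall show dynamic` listing (iptables -nvL format).
# The 206.XXX.XXX.85 entry mirrors the line quoted in the post; the second entry
# and the reference counts are made up to exercise the other outcomes.
SAMPLE_DYNAMIC='Chain dynamic (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       206.XXX.XXX.85       0.0.0.0/0
   42  2520 DROP       all  --  *      *       198.51.100.7         0.0.0.0/0'

# Same chain, but no interface chain jumps into it (constructed).
UNREFERENCED_DYNAMIC='Chain dynamic (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       206.XXX.XXX.85       0.0.0.0/0'

# blacklist_status IP LISTING
# Prints one word describing the state of the DROP entry for IP:
#   unreferenced  chain header shows 0 references, so no chain sends packets to it
#   missing       no DROP entry for IP (the ban was never installed)
#   inactive      entry present but its packet counter is still 0: the rule has
#                 never matched, i.e. the traffic is not traversing it
#   active        entry present and packets have been dropped by it
blacklist_status() {
    ip=$1
    listing=$2
    refs=$(printf '%s\n' "$listing" |
        awk '/^Chain dynamic/ { gsub(/[()]/, "", $3); print $3; exit }')
    if [ "$refs" = 0 ]; then
        echo unreferenced
        return 3
    fi
    # Field layout of iptables -nvL: pkts bytes target prot opt in out source destination
    entry=$(printf '%s\n' "$listing" |
        awk -v ip="$ip" '$3 == "DROP" && $8 == ip { print; exit }')
    if [ -z "$entry" ]; then
        echo missing
        return 1
    fi
    pkts=$(printf '%s\n' "$entry" | awk '{ print $1 }')
    if [ "$pkts" = 0 ]; then
        echo inactive
        return 2
    fi
    echo active
    return 0
}

# Against the sample this prints "inactive", the situation described in the post.
# On a live host: blacklist_status 206.XXX.XXX.85 "$(shorewall show dynamic)"
blacklist_status 206.XXX.XXX.85 "$SAMPLE_DYNAMIC" || true
```

Re-run it a minute after a ban is filed; if the result stays "inactive" while new "Failed password" lines keep arriving from that address, the packets are reaching sshd by a path that never evaluates the dynamic chain.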