Yes, I did that when I migrated the config files from the old shorewall version.

On Sat, 18 May 2019 at 22:15, Matt Darfeuille <matd...@gmail.com> wrote:

> On 5/18/2019 11:40 AM, Steven Barthen wrote:
> > Hello
> >
> > I currently try to utilize the Shorewall Dynamic Blacklist to block some
> > hosts via fail2ban.
> >
> > The part with fail2ban detection and filing a block works well,
> > nonetheless... the block itself doesn't actually happen.
> >
> > I can send a "shorewall show dynamic" and it will list all blocked IPs,
> > but they just continue to connect.
> >
> > shorewall.conf:
> > BLACKLIST=ALL
> > DYNAMIC_BLACKLIST=Yes
> > BLACKLIST_DISPOSITION=DROP
> >
> >
> > I have been trying to make the blacklist work, by setting "BLACKLIST"
> > keyword to the zones/interfaces, but they are all deprecated. And the
> > dynamic_blacklist page on shorewall doesn't really explain what you have
> > to do to enable blacklisting anywhere. I've checked the default configs
> > and tried to find something on google, but there is nothing.
> >
> > my "blrules" is:
> > empty
> >
> > my interfaces :
> > #ZONE   INTERFACE   OPTIONS
> > net     eth0
> > vpn     tun0
> >
> > my zones :
> > #ZONE   TYPE        OPTIONS   IN        OUT
> > #                             OPTIONS   OPTIONS
> > fw      firewall
> > net     ipv4
> > vpn     ipv4
> >
> > my policy:
> > #                   LEVEL   BURST   MASK
> > fw      all     ACCEPT
> > vpn     all     ACCEPT
> > net     all     DROP    info
> > all     all     REJECT  info
> >
> > I have absolutely no idea why it isn't working.
> >
> > The logs are full of
> >
> > "Failed password for invalid user X from 206.XXX.XXX.85 port 60876 ssh2"
> >
> > while I can see
> >
> > # shorewall show dynamic | grep 206.XXX.XXX.85
> >     0     0 DROP       all  --  *      *       206.XXX.XXX.85       0.0.0.0/0
> >
> > I am using Shorewall 5.0.15.6 on Debian 9 now but my config is probably
> > a couple of years old.
> >
> > So how can I enable blacklisting or make them stop connecting? I even
> > set my blacklist to 7days but they just keep connecting over and over...
> > just like blacklist didn't exist.
> >
> > Help/Ideas appreciated.
> >
>
> Did you do 'shorewall update' to update your configuration to 5.0.15.6?
>
> http://shorewall.org/troubleshoot.htm#Support
>
> -Matt
> --
> Matt Darfeuille
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users