Hi, Shorewall friends, I have been enjoying Shorewall for many years.

On my dedicated cloud server, I wanted to drop all the random probe attempts, which I suppose come from hacking activity all around the world (Viet Nam, China, Russia, US, Europe...). I know that it looks like fail2ban, but as a beginner in defense work, I prefer to keep control and measure the impact of each action. With this principle, I will also discover the limit on the number of blacklist rules!

The strategy is: regularly extract from syslog all the IP addresses logged by the default drop rule, sort them, append them to blrules, then reload shorewall.

After 4 months, my collection has grown to more than 150000 IP addresses collected in the "blrules" file. It worked fine on "Debian stretch". Restarting shorewall takes ~6 min, and I did not notice any noticeable slow-down of the traffic.

Now that "Debian buster" is stable, I of course want to port this work after a dist-upgrade of my server. But it seems that shorewall on "buster" gets stuck with such a blrules file.

Versions of shorewall:
on buster: shorewall 5.2.3.2-1
on stretch: shorewall 5.0.15.6-1

I tried to iptables-save the iptables rules on stretch and restore them directly on buster, but iptables-restore refuses:

iptables-restore: line 460962 failed

Yes: as I have 3 zones, the 150000 blrules are x3, once for each zone. So Shorewall really hands 450000 blrules to iptables!

Thank you for any idea.

Yours,
Jerome

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
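The collection step Jerome describes (pull the SRC addresses logged by a Shorewall DROP out of syslog, deduplicate them against what is already in blrules, and emit the lines to append) as an added example, not code from the original post or from the Shorewall project. The syslog lines and the starting blrules file are constructed inline; the log prefix `Shorewall:net-fw:DROP:` is Shorewall's default `chain:disposition:` form, but the chain name and the zone name `net` are assumptions and may differ on a real host. Because the post's failure mode is the one-iptables-rule-per-address-per-zone expansion, the example also emits the same addresses in `ipset restore` format so a single blrules entry can reference one set instead; that alternative is not something the post uses.

```python
import ipaddress
import re

# Constructed sample syslog excerpt (not from the original post). Only the
# lines whose disposition is DROP should contribute an address; 203.0.113.5
# appears twice to exercise deduplication.
SAMPLE_SYSLOG = """\
Nov  3 10:15:22 srv kernel: [1234.5] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=4321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Nov  3 10:15:23 srv kernel: [1235.1] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=40 PROTO=TCP SPT=4322 DPT=23
Nov  3 10:15:24 srv kernel: [1236.0] Shorewall:net-fw:ACCEPT:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=50000 DPT=443
Nov  3 10:15:25 srv kernel: [1237.2] Shorewall:net-fw:DROP:IN=eth0 OUT= SRC=198.51.100.200 DST=198.51.100.7 LEN=48 PROTO=UDP SPT=5353 DPT=5060
Nov  3 10:15:26 srv kernel: [1238.3] Shorewall:net-fw:DROP:IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.7 LEN=40 PROTO=TCP SPT=1111 DPT=3389
"""

# Constructed starting blrules (assumed zone name "net").
EXISTING_BLRULES = """\
#ACTION  SOURCE           DEST   PROTO  DPORT
DROP     net:203.0.113.5  all
DROP     net:192.0.2.99   all
"""

# Shorewall's default log prefix is "Shorewall:<chain>:<disposition>:"; the
# netfilter fields that follow carry the offending source as SRC=.
DROP_RE = re.compile(r"Shorewall:[\w-]+:DROP:.*?\bSRC=([0-9.]+)")


def dropped_sources(syslog_text):
    """Return the set of IPv4 sources that hit a Shorewall DROP rule."""
    found = set()
    for line in syslog_text.splitlines():
        m = DROP_RE.search(line)
        if not m:
            continue
        try:
            found.add(ipaddress.IPv4Address(m.group(1)))
        except ValueError:  # malformed SRC field: skip rather than poison blrules
            continue
    return found


def blacklisted_sources(blrules_text, zone="net"):
    """Return the IPv4 sources already present as 'DROP <zone>:<addr>' blrules."""
    pattern = re.compile(r"^\s*DROP\s+" + re.escape(zone) + r":([0-9.]+)\s", re.M)
    return {ipaddress.IPv4Address(a) for a in pattern.findall(blrules_text)}


def new_blrules(syslog_text, blrules_text, zone="net"):
    """Lines to append to blrules: one DROP per newly seen source, sorted numerically."""
    fresh = dropped_sources(syslog_text) - blacklisted_sources(blrules_text, zone)
    return [f"DROP\t{zone}:{a}\tall" for a in sorted(fresh)]


def ipset_restore_lines(addrs, setname="shorewall_bl", maxelem=262144):
    """Alternative output: an 'ipset restore' script holding every address.

    hash:ip defaults to maxelem 65536, so a 150000-entry list needs it raised.
    Feed the result to 'ipset -exist restore' and reference the set once from
    blrules (Shorewall accepts '+setname' in address columns), so the rule
    count no longer multiplies by the number of zones.
    """
    lines = [f"create {setname} hash:ip family inet maxelem {maxelem}"]
    lines += [f"add {setname} {a}" for a in sorted(addrs)]
    return lines


if __name__ == "__main__":
    for line in new_blrules(SAMPLE_SYSLOG, EXISTING_BLRULES):
        print(line)
    merged = dropped_sources(SAMPLE_SYSLOG) | blacklisted_sources(EXISTING_BLRULES)
    print("\n".join(ipset_restore_lines(merged)))
```

On a real host the input would be the syslog slice since the last run rather than the constructed excerpt, and the emitted lines are appended to blrules before `shorewall reload`; the ipset path replaces the per-address lines with a single `DROP net:+shorewall_bl all`.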