On 4/17/20 6:41 AM, Vieri Di Paola wrote:
> Hi,
>
> This might be trivial, but how can I add a source IP address to an
> ipset only when the source port is NOT in an ipset AND NOT in a port
> range?
>
> the following gives an error:
>
> ADD(POL_BL:src):info:polbl,add2polbl
> net1,net2,net3:!+POL_BL,+GLOBAL_WL,+NORMAL_WL all tcp -
> !+POL_BL_EXCL,49152-65535
>

The following should give you the idea:

/etc/shorewall/actions

    #ACTION    OPTIONS    COMMENT
    DoAdd      -          # Add to ipset A if source not in A and dport not in B

/etc/shorewall/action.DoAdd

    ADD(A:src)    !+A    -    tcp    !+B

/etc/shorewall/rules

    DoAdd    net    all    tcp    !49152-65535

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster
Shoreline,         \     with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \   can't understand
                      \________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users