Hi,

I made a wiki to present a rather simple Perl script I made which allows using ipset with Shorewall to dynamically filter access by IP (and, I hope, later by port). The great benefit is that restarting/reloading Shorewall is faster and there are fewer iptables rules. I essentially use bindings in ipset (ipset -B).

As a basis, I have used a kerneled-Linux > 2.6.18 and these packages:

1. perl 5.8.8
2. Shorewall 3.2.7
3. iptables 1.3.5

Have a look at: http://iballo.wikispaces.com/ipset_shorewall

Thanks for your comments and contributions ...

On Tue, Oct 16, 2007 at 10:27:40PM +0200, Ismaël BALLO wrote:
> Have a look at : http://iballo.wikispaces.com/ipset_shorewall

I find this page quite incomprehensible.

On Tue, 2007-10-16 at 22:49 +0100, Andrew Suffield wrote:
> On Tue, Oct 16, 2007 at 10:27:40PM +0200, Ismaël BALLO wrote:
> > Have a look at : http://iballo.wikispaces.com/ipset_shorewall
>
> I find this page quite incomprehensible.

I apologize to Ismaël for not getting back to him. He sent me a link to his article privately and I didn't give him any feedback.

I too have a difficult time understanding what ipset_shorewall does. Seems like the article needs an "Overview" section to orient the reader to the details that follow.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

Hi,

Tom Eastep wrote:
> On Tue, 2007-10-16 at 22:49 +0100, Andrew Suffield wrote:
>> On Tue, Oct 16, 2007 at 10:27:40PM +0200, Ismaël BALLO wrote:
>>> Have a look at : http://iballo.wikispaces.com/ipset_shorewall
>>
>> I find this page quite incomprehensible.

Can you be more accurate? Do you know ipset?

> I apologize to Ismaël for not getting back to him. He sent me a link to
> his article privately and I didn't give him any feedback.
>
> I too have a difficult time understanding what ipset_shorewall does.
> Seems like the article needs an "Overview" section to orient the reader
> to the details that follow.

You're welcome Tom, I know you're quite busy ..

> -Tom

On Tue, 2007-10-16 at 22:27 +0200, Ismaël BALLO wrote:
> Have a look at : http://iballo.wikispaces.com/ipset_shorewall

Dependencies as listed there include:
  Acme-Comment (version1.02) which allows comments in perl files.

Ismaël, I believe you do *not* actually want to depend on any Acme Perl module. :) Check out some of these on CPAN, to see what they are about...

Also, even though your code currently does 'use' it, and thus enforce it unnecessarily, you don't actually use that feature anyway.

BTW, Perl itself does "allow comments". There's just no support for *multi-line* comments... ;)

  karsten

--
[ESR] Eric S. Raymond: "How To Ask Questions The Smart Way"
      http://www.catb.org/~esr/faqs/smart-questions.html
[SGT] Simon G. Tatham: "How to Report Bugs Effectively"
      http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

According to Karsten Bräckelmann <kb@shorewall.net>:
> On Tue, 2007-10-16 at 22:27 +0200, Ismaël BALLO wrote:
> > Have a look at : http://iballo.wikispaces.com/ipset_shorewall
>
> Dependencies as listed there include:
>   Acme-Comment (version1.02) which allows comments in perl files.
>
> Ismaël, I believe you do *not* actually want to depend on any Acme Perl
> module. :) Check out some of these on CPAN, to see what they are
> about...
>
> Also, even though your code currently does 'use' it, and thus enforce it
> unnecessarily, you don't actually use that feature anyway.

Ok, but this module has been smart when doing script ..
You're right, I removed unnecessary line comments in the published tar.gz.
Thanks for the clarification ..

As said by Tom, I will do an overview section soon ...

> BTW, Perl itself does "allow comments". There's just no support for
> *multi-line* comments... ;)
>
>   karsten