Shorewall users - May 2011 - dynamic blacklist

Hi,

Dynamic blacklisting does not take into account the "blacklist" option
in /etc/shorewall/interfaces.

Does this mean that dynamic blacklisting is always applied "globally",
ie. to all interfaces?

Can I run "shorewall drop to <IP>" only for packets going
through, say, eth0 but NOT eth3?
If so, how?

Thanks,

Vieri


------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay

On May 16, 2011, at 3:12 AM, Vieri Di Paola wrote:
> Hi,
> 
> Dynamic blacklisting does not take into account the "blacklist"
option in /etc/shorewall/interfaces.
> 
> Does this mean that dynamic blacklisting is always applied
"globally", ie. to all interfaces?
Yes.
> 
> Can I run "shorewall drop to <IP>" only for packets going
through, say, eth0 but NOT eth3?
> 
No.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay