I'm working on my firewall atm, tearing it down, restarting it, etc. I also happen to be getting 'pestered' at a couple of my IPs during the process. `shorewall drop` is, of course, very handy. On SW restart, though, I lose the blocks on the dropped IPs. What's the mechanism for capturing the complete list of current SW blacklisted items? I'd like to grab it, placing it in a persistent IPSET at SW stop, then reload at SW start. I _thought_ I'd read that the dynamic blacklist IS in an IPSET, but a quick check of `ipset -L` doesn't display it ... ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk