Gabriel wrote:
> Hi,
>
> First I would like to say Shorewall rocks!
>
> I have a suggestion for a Port based Block List that would complement
> the present "blacklist".
> Would it be a good idea to have a port specific block list e.g.
> "smtpblocklist" that Shorewall would check incoming
> traffic against based on the specific port e.g. 25. This way you can
> have a huge protocol specific block list that won't
> affect (slow down) other traffic as it would in the case of having a huge
> general blocklist such as the "blacklist".
> Essentially I am trying to come up with a poor man's solution to having
> to set up a separate SMTP gateway.

You can do this yourself with actions -- the only downside to that
approach is that a "shorewall restart" is required to reload the
blacklist.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
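
[Added example, not part of the original thread and not Shorewall's own code: one way to build the per-port block list as an action, as the reply above suggests. The action name SMTPBlock, the zone names net and fw, and the sample addresses are assumptions made for illustration.]

```python
import ipaddress

ACTION = "SMTPBlock"  # hypothetical action name, listed in /etc/shorewall/actions

# Constructed sample block list (documentation address ranges only).
SAMPLE = """\
192.0.2.15
192.0.2.0/25
192.0.2.128/25
198.51.100.7   # trailing comment
not-an-address
203.0.113.0/24
"""

def parse_blocklist(text):
    """Return (collapsed IPv4 networks, rejected entries)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)  # never emit an unparsable SOURCE column
            continue
        if net.version == 4:
            nets.append(net)
        else:
            rejected.append(entry)
    # Merging adjacent/overlapping ranges keeps a huge list to fewer rules.
    return list(ipaddress.collapse_addresses(nets)), rejected

def render_action(nets):
    """Body for /etc/shorewall/action.SMTPBlock: one DROP per source."""
    lines = ["#TARGET\tSOURCE\tDEST"]
    for net in nets:
        src = net.network_address if net.prefixlen == 32 else net
        lines.append(f"DROP\t{src}\t-")
    return "\n".join(lines) + "\n"

def render_rule(port=25):
    """Line for /etc/shorewall/rules; it must precede the ACCEPT for the port,
    so that only traffic to that port traverses the list."""
    return f"{ACTION}\tnet\tfw\ttcp\t{port}\n"

if __name__ == "__main__":
    nets, bad = parse_blocklist(SAMPLE)
    print(render_action(nets), render_rule(), "rejected:", bad, sep="\n")
```

After the generated file is updated, "shorewall restart" is still needed for the new list to take effect, as noted in the reply.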