Hello,
I have the following entry in /etc/shorewall/blacklist:
66.27.56.212 tcp 25
66.27.56.213 tcp 25

then I restarted shorewall
$> shorewall restart

But I still get the following in /var/log/message, while in shorewall.conf I
have

# BLACKLIST LOG LEVEL
#
<snip>
BLACKLIST_LOGLEVEL

The question is, Why do I still see this logging?

Thanks for any help
Reuben D. Budiardja

---------
Sep 25 16:41:07 voyager kernel: Shorewall:newnotsyn:DROP:IN=eth0 OUT= MAC=00:10:dc:27:e3:d7:00:d0:79:91:27:fc:08:00 SRC=66.27.56.212 DST=160.36.28.203 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=5617 DF PROTO=TCP SPT=56396 DPT=25 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Sep 25 16:41:09 voyager kernel: Shorewall:newnotsyn:DROP:IN=eth0 OUT= MAC=00:10:dc:27:e3:d7:00:d0:79:91:27:fc:08:00 SRC=66.27.56.212 DST=160.36.28.203 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=5618 DF PROTO=TCP SPT=56396 DPT=25 WINDOW=5840 RES=0x00 ACK FIN URGP=0

--
Reuben D. Budiardja
Department of Physics and Astronomy
The University of Tennessee, Knoxville, TN
-------------------------------------------------
/"\  ASCII Ribbon Campaign against HTML
\ /  email and proprietary format
 X   attachments.
/ \
-------------------------------------------------
Have you been used by Microsoft today?
Choose your life. Choose freedom.
Choose LINUX.
-------------------------------------------------

On Thu, 2003-09-25 at 13:59, Reuben D. Budiardja wrote:
> Hello,
> I have the following entry in /etc/shorewall/blacklist:
> 66.27.56.212 tcp 25
> 66.27.56.213 tcp 25
>
> then I restarted shorewall
> $> shorewall restart
>
> But I still get the following in /var/log/message, while in shorewall.conf I
> have
>
> # BLACKLIST LOG LEVEL
> #
> <snip>
> BLACKLIST_LOGLEVEL
>
> The question is, Why do I still see this logging?

Have you set the blacklist option on your external interface in
/etc/shorewall/interfaces?

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Thu, 2003-09-25 at 14:05, Tom Eastep wrote:
> On Thu, 2003-09-25 at 13:59, Reuben D. Budiardja wrote:
> > Hello,
> > I have the following entry in /etc/shorewall/blacklist:
> > 66.27.56.212 tcp 25
> > 66.27.56.213 tcp 25
> >
> > then I restarted shorewall
> > $> shorewall restart
> >
> >

Also -- changes to the blacklist file only require "shorewall refresh" to
activate them.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
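
Added example (not part of the thread and not Shorewall's own code): a shell script that pulls the chain name, action, inbound interface and source address out of Shorewall kernel log lines like the ones posted above, then checks whether that interface carries the "blacklist" option in the interfaces file, which is the question raised in the first reply. The interfaces content is a constructed sample, the log line is the first posted line abridged, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: relate Shorewall log lines to the "blacklist" interface option.

# Constructed sample of /etc/shorewall/interfaces
# (columns: ZONE INTERFACE BROADCAST OPTIONS).
sample_interfaces() {
cat <<'EOF'
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     norfc1918
loc    eth1       detect     dhcp,blacklist
EOF
}

# First log line from the original post, abridged to the fields used here.
sample_log() {
cat <<'EOF'
Sep 25 16:41:07 voyager kernel: Shorewall:newnotsyn:DROP:IN=eth0 OUT= SRC=66.27.56.212 DST=160.36.28.203 PROTO=TCP SPT=56396 DPT=25
EOF
}

# Succeeds if interface $1 lists "blacklist" in the OPTIONS column of file $2.
has_blacklist() {
    awk -v ifc="$1" '
        /^[ \t]*#/ || NF < 2 { next }
        $2 == ifc {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "blacklist") found = 1
        }
        END { exit !found }
    ' "$2"
}

# Reads log lines on stdin, prints "chain action interface source" per match.
log_fields() {
    sed -n 's/.*Shorewall:\([^:]*\):\([^:]*\):IN=\([^ ][^ ]*\) .*SRC=\([^ ]*\).*/\1 \2 \3 \4/p'
}

# $1 = interfaces file, log on stdin: one summary line per distinct tuple.
report() {
    log_fields | sort -u | while read -r chain action iface src; do
        if has_blacklist "$iface" "$1"; then opt=yes; else opt=no; fi
        echo "src=$src chain=$chain action=$action iface=$iface blacklist_option=$opt"
    done
}

tmp=$(mktemp) && sample_interfaces > "$tmp"
sample_log | report "$tmp"
rm -f "$tmp"
```

On a real system, feed the kernel log to report and pass /etc/shorewall/interfaces as its argument.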