What is the best way to use feeds.dshield.org/block.txt with shorewall?
Any chance in the future that we could just dump it into /etc/shorewall
and have it parsed as is?

Or do I need to figure out some kind of scripts that will get it into the
blacklist file?

Or should I just run www.dshield.org/get_block.pl from within shorewall somehow?

Thanks

--
Brad Wyman
bradw@sta-care.com
Network Admin
Sta-Care, Inc.
PGP Fingerprint: 8B1E E12F 3982 0D54 E01C DFD3 898B 6CA3 ED6F 3E56

Tom Eastep
2002-May-09 15:44 UTC
[Shorewall-users] anyone using feeds.dshield.org/block.txt
On Thu, 9 May 2002, bradw wrote:

> What is the best way to use feeds.dshield.org/block.txt with shorewall?
> Any chance in the future that we could just dump it into /etc/shorewall
> and have it parsed as is?

Not as part of standard Shorewall, no.

> Or do I need to figure out some kind of scripts
> that will get it into the blacklist file?

Yes -- beware that a number of address blocks listed in the file duplicate those being blocked under "norfc1918".

> Or should I just run
> www.dshield.org/get_block.pl from within shorewall somehow?

You could -- just change that program to create its entries in 'blacklst' and set the 'blacklist' option on your external interface. Run get_block.pl from /etc/shorewall/start. Be sure that you enable http from your firewall to the net.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
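
Added example (not part of the original thread, and not Shorewall or DShield code): one way to do the conversion discussed above, turning feed text into blacklist entries while skipping the ranges that "norfc1918" already covers. It assumes block.txt is tab-separated with the start address in column 1 and the prefix length in column 3, and that the blacklist file takes one address/subnet per line; the function name, the /8 width guard and the sample data are constructed for illustration.

```python
import ipaddress

# RFC 1918 private space, which the "norfc1918" interface option already handles.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the ASSUMED block.txt layout (not real feed data).
SAMPLE_FEED = (
    "# constructed sample\n"
    "Start\tEnd\tNetmask\tAttacks\tName\tCountry\temail\n"
    "192.0.2.0\t192.0.2.255\t24\t4100\tEXAMPLE-1\tZZ\tabuse@example.net\n"
    "10.1.2.0\t10.1.2.255\t24\t3900\tPRIVATE\tZZ\t\n"
    "198.51.100.0\t198.51.100.255\t24\t2500\tEXAMPLE-2\tZZ\t\n"
    "198.51.100.0\t198.51.100.255\t24\t2500\tEXAMPLE-2\tZZ\t\n"
    "not-an-ip\tgarbage\t24\n"
    "203.0.113.0\t203.0.113.255\t99\t10\tBADMASK\tZZ\t\n"
)


def feed_to_blacklist(text, min_prefix=8, max_entries=50):
    """Return validated, de-duplicated IPv4 CIDR strings from feed text."""
    seen, entries = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 3:
            continue
        try:
            # strict=True rejects a start address with host bits set.
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=True)
        except ValueError:
            continue  # header row, malformed address or impossible mask
        if net.version != 4 or net.prefixlen < min_prefix:
            continue  # never let a remote feed block a huge range
        if any(net.overlaps(private) for private in RFC1918):
            continue  # duplicate of what norfc1918 already blocks
        if net not in seen:
            seen.add(net)
            entries.append(str(net))
        if len(entries) >= max_entries:
            break
    return entries


if __name__ == "__main__":
    # One entry per line, ready to be written to the blacklist file.
    print("\n".join(feed_to_blacklist(SAMPLE_FEED)))
```

Validating every line before it reaches the firewall matters here because the feed is fetched over plain http, so its contents should be treated as untrusted input.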