I have an IP that I picked up scanning my firewall for port 22 and I want to block all traffic from this IP. Is it best to do this by rules like the following or is there a better way:

    REJECT  net:65.66.80.53  fw   tcp  -
    REJECT  net:65.66.80.53  dmz  tcp  -
    REJECT  net:65.66.80.53  dmz  udp  -

(policy blocks all net -> loc)

Thanks!
Scott
On Monday 07 January 2002 11:31 am, Scott Duncan wrote:
> I have an IP that I picked up scanning my firewall for port 22 and I want
> to block all traffic from this IP. Is it best to do this by rules like the
> following or is there a better way:
>
> REJECT net:65.66.80.53 fw tcp -
> REJECT net:65.66.80.53 dmz tcp -
> REJECT net:65.66.80.53 dmz udp -
>

How about:

    REJECT  net:65.66.80.53  fw   all
    REJECT  net:65.66.80.53  dmz  all

If I were to add a /etc/shorewall/blacklist file where rogue IP addresses and subnets could be listed, would people find that useful?

-Tom
--
Tom Eastep      \ A Firewall for Linux 2.4.*
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------
Yes, that would be useful.

--Richard

On 7 Jan 2002 at 11:40, Tom Eastep wrote:
> On Monday 07 January 2002 11:31 am, Scott Duncan wrote:
> > I have an IP that I picked up scanning my firewall for port 22 and I
> > want to block all traffic from this IP. Is it best to do this by rules
> > like the following or is there a better way:
> >
> > REJECT net:65.66.80.53 fw tcp -
> > REJECT net:65.66.80.53 dmz tcp -
> > REJECT net:65.66.80.53 dmz udp -
> >
>
> How about:
>
> REJECT net:65.66.80.53 fw all
> REJECT net:65.66.80.53 dmz all
>
> If I were to add a /etc/shorewall/blacklist file where rogue IP
> addresses and subnets could be listed, would people find that useful?
>
> -Tom
> --
> Tom Eastep      \ A Firewall for Linux 2.4.*
> AIM: tmeastep   \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net
> -------------------------------------------
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users
>

----------
Richard Pyne
rpyne@shopsite.com
Software Engineer
ShopSite, Inc
http://www.ShopSite.com
On Mon, 7 Jan 2002, Tom Eastep wrote:
> If I were to add a /etc/shorewall/blacklist file where rogue IP addresses and
> subnets could be listed, would people find that useful?

Yes, I think so! But while you're at it, maybe a general mechanism for reading IP addresses from files into zones would be nice? I now have split my internet zone into trusted, normal and blacklisted hosts using a params file. This works great, except for a minor inconvenience of adding the interface name in front of every host. Reading addresses from a file indeed would be nice in my case...

Kind regards,
Pieter Ennes.

--
Watch out for the muons!
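Tom's proposed blacklist file and Pieter's wish to read addresses from a file both come down to the same thing: turning a list of addresses into rules-file lines. The script below is an added example, not code from this thread or from the Shorewall project. It assumes only the four-column rules syntax shown in the thread (ACTION, SOURCE, DEST, PROTO); the blacklist file format (one IPv4 address or CIDR per line, `#` comments) is a hypothetical one constructed for the example, since the file Tom describes was only a proposal when this was written.

```shell
#!/bin/sh
# Write a constructed sample blacklist file to the path given as $1.
# The addresses are sample values (65.66.80.53 is the host from the thread,
# 192.0.2.0/24 is the TEST-NET-1 documentation range).
write_sample_blacklist() {
    cat > "$1" <<'EOF'
# hosts seen probing port 22 (constructed sample entries)
65.66.80.53
192.0.2.0/24          # a whole subnet, CIDR form
scanner.example.org   # hostnames are deliberately not accepted
EOF
}

# Emit one Shorewall rules-file line per (address, zone) pair, in the
# ACTION SOURCE DEST PROTO layout used in the thread, rejecting all
# protocols from that address into that zone (Tom's "all" variant).
# Usage: blacklist_rules BLACKLIST_FILE ZONE...
blacklist_rules() {
    bl="$1"; shift
    # drop comments and blank lines, keep only the first field of each line
    sed -e 's/#.*//' "$bl" | awk 'NF { print $1 }' | while read -r addr; do
        # accept only digits, dots and an optional /prefix; anything else
        # (hostnames, IPv6, stray characters) is reported and skipped so a
        # typo in the file cannot silently produce a rule for the wrong source
        case "$addr" in
            *[!0-9./]*) echo "skipping malformed entry: $addr" >&2; continue ;;
        esac
        for zone in "$@"; do
            printf 'REJECT\tnet:%s\t%s\tall\n' "$addr" "$zone"
        done
    done
}

# Stand-alone demo: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp)
    write_sample_blacklist "$f"
    blacklist_rules "$f" fw dmz
    rm -f "$f"
fi
```

Run with `--demo` to see the generated lines; in practice you would append the output of `blacklist_rules` to the rules file for the zones you want covered and then restart Shorewall. The malformed-entry check is the part worth keeping whatever the file format ends up being: a rules generator that accepts arbitrary text will happily emit a rule that matches nothing, or the wrong thing, without any error.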