search for: blacklistnet

...39; utility without ever having to restart or refresh Shorewall. If you use the SAVE_IPSETS=Yes feature just be sure to "shorewall save" after altering the blacklist ipset(s). Example /etc/shorewall/blacklist: #ADDRESS/SUBNET PROTOCOL PORT +Blacklist[2] +Blacklistnets[2] Create the blacklist ipsets using: ipset -N Blacklist iphash ipset -N Blacklistnets nethash Add entries ipset -A Blacklist 206.124.146.177 ipset -A Blacklistnets 206.124.146.0/24 To allow entries for individual ports ipset -N SMTP portmap --from 1 --to...

...eth0 -j MASQUERADE COMMIT # Completed on Tue Sep 27 22:17:35 2016 # Generated by iptables-save v1.4.7 on Tue Sep 27 22:17:35 2016 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :IP4BOGONS - [0:0] :f2b-default - [0:0] :f2b-dovecot-pop3imap - [0:0] -A INPUT -m set --match-set blacklistnet src -j DROP -A INPUT -m set --match-set blacklist src -j DROP -A INPUT -s 127.0.0.1/32 -j ACCEPT -A INPUT -m set --match-set block src -j DROP COMMIT # Completed on Tue Sep 27 22:17:35 2016 And my ifconfig: eth0 Link encap:Ethernet HWaddr 44:37:E6:53:1E:E2 inet addr:192.168...