search for: blacklst

...* 0.0.0.0/0 0.0.0.0/0 2 104 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'' 2 104 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain blacklst (4 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 136.145.49.21 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:blacklst:DROP:'' 0 0 DROP all -- * *...

...for the blacklist in shorewall.conf [root@fumcbafw shorewall]# grep BLACKLIST shorewall.conf # BLACKLIST LOG LEVEL BLACKLIST_LOGLEVEL=debug # BLACKLIST DISPOSITION BLACKLIST_DISPOSITION=DROP shorewall has been restarted and iptables-save shows the rule [root@fumcbafw shorewall]# grep ''blacklst'' /tmp/iptables.save :blacklst - [0:0] [0:0] -A blacklst -m mac --mac-source 00:04:E2:83:7C:75 -j LOG --log-prefix "Shorewall:blacklst:DROP:" --log-level 7 [0:0] -A blacklst -m mac --mac-source 00:04:E2:83:7C:75 -j DROP [1260:97713] -A eth1_fwd -j blacklst [1086:255521] -A eth...

Hello, Pardon me if this turns out to be stupid question. I have an IP address blacklisted in /etc/shorewall/blacklist. I have BLACKLIS_LOGLEVEL not set in /etc/shorewall/shorewall.conf, but I can still see the packages coming from the blacklisted IP logged in /var/log/messages when I do ''tail -f /var/log/messages''. Is there someplace else I should check ? Thanks. RDB --

Hi, Is it possible to get Shorewall to reload the static blacklist file without resetting the packet and byte counters? I am following the guide at http://mudy.wordpress.com/2009/02/21/shorewall-blacklist-spamhaus-dshield/ to periodically generate a blacklist, but "shorewall -qq refresh -n blacklst" resets all my accounting. Is there a way to do this without resetting the counters? I am running the Debian package of 4.5.5.3. Thanks, Roger ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster wi...

hi all, shorewall claim that support stateful connection. But I read the document, I can''t found any configuration on it like in iptables e.g. -m -state NEW, ESTABLISHED something like like. Is shorewall by default is staeful connection for any connectione.g. web, http

...192.168.10.124 net tcp 1214 DNAT net loc:192.168.10.124 tcp 6881 the 192.168.0.0/16 is our corporate network, 192.168.10.124 is my boos'' ip address, but i get this in the log: Feb 7 15:35:30 proxy kernel: Shorewall:blacklst:DROP:IN=eth1 OUT=eth0 SRC=192.168.10.124 DST=212.179.35.119 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=59096 DF PROTO=TCP SPT=2413 DPT=1214 WINDOW=65535 RES=0x00 SYN URGP=0 Any workaround of this or it cant be done? BTW, the dnat lines in rules is recommended for gnutella, if i have the redirect rule...

...0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain blacklst (2 references) pkts bytes target prot opt in out source destination Chain dmz2fw (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED...

...0 SYN URGP=0 Jan 27 01:11:12 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=211.162.91.103 DST=24.91.102.152 LEN=404 TOS=0x00 PREC=0x00 TTL=101 ID=33882 PROTO=UDP SPT=1171 DPT=1434 LEN=384 Jan 27 01:19:46 h0000b49d5510 kernel: Shorewall:blacklst:DROP:IN=eth0 OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=208.251.137.94 DST=192.168.0.1 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=41886 DF PROTO=TCP SPT=4603 DPT=1411 WINDOW=64240 RES=0x00 SYN URGP=0 Jan 27 01:19:49 h0000b49d5510 kernel: Shorewall:blacklst:DROP:IN=eth0 OUT= MAC=00:00:b4:9d:5...

...:0] :POSTROUTING ACCEPT [0:0] :tcfor - [0:0] :tcout - [0:0] :tcpost - [0:0] :tcpre - [0:0] -A PREROUTING -j tcpre -A FORWARD -j tcfor -A OUTPUT -j tcout -A POSTROUTING -j tcpost COMMIT *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] :Drop - [0:0] :Reject - [0:0] :all2all - [0:0] :blacklst - [0:0] :dropBcast - [0:0] :dropInvalid - [0:0] :dropNotSyn - [0:0] :dynamic - [0:0] :eth0_fwd - [0:0] :eth0_in - [0:0] :eth0_out - [0:0] :fw2wan - [0:0] :logdrop - [0:0] :logflags - [0:0] :logreject - [0:0] :reject - [0:0] :smurfs - [0:0] :tcpflags - [0:0] :wan2fw - [0:0] -A INPUT -i eth0 -j eth0_...

...ct all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain blacklst (2 references) pkts bytes target prot opt in out source destination Chain dmz2fw (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 stat...

I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I''m at work right now and I can''t use

...* 0.0.0.0/0 0.0.0.0/0 0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'' 0 0 reject ah -- * * 0.0.0.0/0 0.0.0.0/0 Chain blacklst (2 references) pkts bytes target prot opt in out source destination 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1433 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt...

....197.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID=49174 SEQ=37889 > TRACE: filter:eth3_in:rule:1 IN=eth3 OUT= SRC=83.3.197.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID=49174 SEQ=37889 > TRACE: filter:blacklst:return:4 IN=eth3 OUT= SRC=83.3.197.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID=49174 SEQ=37889 > TRACE: filter:eth3_in:rule:3 IN=eth3 OUT= SRC=83.3.197.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID=4917...