How can I determine if the blacklist is being read and the IPs are rejected?
--On Tuesday, November 19, 2002 07:31:49 PM -0500 Ken <ken@ramblernet.com> wrote:

> How can I determine if the blacklist is being read

Read the output produced when you issue a "shorewall start", "shorewall restart" or "shorewall refresh" command.

> and the IPs are rejected?

"shorewall show blacklst" and look at the counts in the first two columns.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net
--On Tuesday, November 19, 2002 09:48:39 PM -0500 Ken <ken@ramblernet.com> wrote:

> This was my output:
>
> "shorewall show blacklst"
> Shorewall-1.3.6 Chain blklist at domain.COM - Tue Nov 19 21:42:17 EST 2002
> Counters reset Tue Nov 19 19:34:51 EST 2002
> iptables: Table does not exist (do you need insmod?)
>
> "shorewall refresh"
> Processing /etc/shorewall/shorewall.conf ...
> Processing /etc/shorewall/params ...
> Refreshing Shorewall...
> Determining Zones and Interfaces...
> Adding Common Rules
> Shorewall Refreshed
>

Do you have 'blacklist' specified on any interfaces in /etc/shorewall/interfaces?

-Tom
First, edit shorewall.conf so that the variable BLACKLIST_LOGLEVEL=info and restart shorewall. Then try blacklisting a known network with any reachable service, such as SSH or HTTP, then attempt to access those services... tail /var/log/messages | grep blacklst (or wherever your syslogd is stuffing the myriad of messages it generates) should yield some info.

Don't forget to undo the shorewall.conf change to eliminate logging if you really don't want it to log -- it can really eat up disk space.

John S.

-----Original Message-----
From: shorewall-users-admin@shorewall.net [mailto:shorewall-users-admin@shorewall.net] On Behalf Of Ken
Sent: Tuesday, November 19, 2002 4:32 PM
To: ShoreWall (E-mail)
Subject: [Shorewall-users] Black list

How can I determine if the blacklist is being read and the IPs are rejected?
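
Added example (not part of the original thread, and not Shorewall code): a shell helper that reads the packet counters Tom points to and tells a missing blacklst chain, as in Ken's output, apart from one that exists but has matched nothing. It assumes "shorewall show blacklst" prints the standard iptables -L -n -v listing; the sample listing, its addresses and counts, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Assumed layout: pkts bytes target prot opt in out source destination

# Constructed sample listing (documentation addresses, invented counts).
sample_listing() {
cat <<'EOF'
Chain blacklst (2 references)
 pkts bytes target     prot opt in     out     source               destination
   14   840 LOG        all  --  *      *       192.0.2.15           0.0.0.0/0          LOG flags 0 level 6
   14   840 DROP       all  --  *      *       192.0.2.15           0.0.0.0/0
    0     0 DROP       all  --  *      *       198.51.100.0/24      0.0.0.0/0
 126K 7560K DROP       all  --  *      *       203.0.113.7          0.0.0.0/0
EOF
}

# Print "source packets" for each non-LOG rule that has matched traffic.
blacklist_hits() {
    awk '
    function expand(v,   s) {   # iptables abbreviates large counters (K/M/G)
        s = substr(v, length(v))
        if (s == "K") return (v + 0) * 1000
        if (s == "M") return (v + 0) * 1000000
        if (s == "G") return (v + 0) * 1000000000
        return v + 0
    }
    $1 !~ /^[0-9]+[KMG]?$/ || NF < 9 { next }   # skip banner, headers, errors
    $3 == "LOG" || $3 == "ULOG" { next }        # a logged packet also hits the next rule
    { hits[$8] += expand($1) }
    END { for (src in hits) if (hits[src] > 0) print src, hits[src] }
    ' | sort
}

# missing: no blacklst chain header in the output
# idle:    chain present, every counter still zero
# active:  at least one rule has matched packets
blacklist_status() {
    listing=$(cat)
    if ! printf '%s\n' "$listing" | grep -q '^Chain blacklst ('; then
        echo missing
    elif [ -n "$(printf '%s\n' "$listing" | blacklist_hits)" ]; then
        echo active
    else
        echo idle
    fi
}

# Live use (as root): shorewall show blacklst | blacklist_status
sample_listing | blacklist_hits
sample_listing | blacklist_status
```

A result of "idle" only means no blacklisted source has sent traffic since the counters were last reset, so test from a blacklisted address as John suggests before concluding the list is not being applied.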