Nodrahc Technologies
2006-Mar-11 15:16 UTC
How to allow an IP that falls in a blacklisted subnet?
Hello,

With shorewall 2.4, let's say that I have the entry "123.123.123.0/24 tcp 80,443" in /etc/shorewall/blacklist. Is there a way to allow access to tcp 80 to 123.123.123.123?

If possible, I would like to avoid messing with the blacklist itself as it is automatically generated.

Thanks,
Stéphane
Tom Eastep
2006-Mar-11 16:07 UTC
Re: How to allow an IP that falls in a blacklisted subnet?
On Saturday 11 March 2006 07:16, Nodrahc Technologies wrote:
> Hello,
>
> With shorewall 2.4, let's say that I have the entry "123.123.123.0/24
> tcp 80,443" in /etc/shorewall/blacklist. Is there a way to allow access
> to tcp 80 to 123.123.123.123?

No -- sorry,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Nodrahc Technologies
2006-Mar-11 18:25 UTC
Re: How to allow an IP that falls in a blacklisted subnet?
Tom Eastep wrote:
>> With shorewall 2.4, let's say that I have the entry "123.123.123.0/24
>> tcp 80,443" in /etc/shorewall/blacklist. Is there a way to allow access
>> to tcp 80 to 123.123.123.123?
>
> No -- sorry,
>
> -Tom

No wonder I couldn't find any solution that worked...

Thanks for the answer.

Stéphane.
Paul Gear
2006-Mar-12 23:52 UTC
Re: How to allow an IP that falls in a blacklisted subnet?
Tom Eastep wrote:
> On Saturday 11 March 2006 07:16, Nodrahc Technologies wrote:
>> Hello,
>>
>> With shorewall 2.4, let's say that I have the entry "123.123.123.0/24
>> tcp 80,443" in /etc/shorewall/blacklist. Is there a way to allow access
>> to tcp 80 to 123.123.123.123?
>
> No -- sorry,

Wouldn't it be possible to add a rule that jumps in before the blacklist rules using /etc/shorewall/start?

Paul
Tom Eastep
2006-Mar-13 00:16 UTC
Re: Re: How to allow an IP that falls in a blacklisted subnet?
On Sunday 12 March 2006 15:52, Paul Gear wrote:
> Tom Eastep wrote:
> > On Saturday 11 March 2006 07:16, Nodrahc Technologies wrote:
> >> Hello,
> >>
> >> With shorewall 2.4, let's say that I have the entry "123.123.123.0/24
> >> tcp 80,443" in /etc/shorewall/blacklist. Is there a way to allow access
> >> to tcp 80 to 123.123.123.123?
> >
> > No -- sorry,
>
> Wouldn't it be possible to add a rule that jumps in before the blacklist
> rules using /etc/shorewall/start?

Yes -- as long as you never need to use "shorewall refresh".

-Tom
Tom Eastep
2006-Mar-13 00:42 UTC
Re: Re: How to allow an IP that falls in a blacklisted subnet?
On Sunday 12 March 2006 16:16, Tom Eastep wrote:
> On Sunday 12 March 2006 15:52, Paul Gear wrote:
> > Tom Eastep wrote:
> > > On Saturday 11 March 2006 07:16, Nodrahc Technologies wrote:
> > >> Hello,
> > >>
> > >> With shorewall 2.4, let's say that I have the entry "123.123.123.0/24
> > >> tcp 80,443" in /etc/shorewall/blacklist. Is there a way to allow access
> > >> to tcp 80 to 123.123.123.123?
> > >
> > > No -- sorry,
> >
> > Wouldn't it be possible to add a rule that jumps in before the blacklist
> > rules using /etc/shorewall/start?
>
> Yes -- as long as you never need to use "shorewall refresh".

The reason being is that there is a 'refresh' extension script but no 'refreshed' script and the former is executed *before* the blacklist is flushed and rebuilt from /etc/shorewall/blacklist.

-Tom
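
Added example, not part of the thread and not Shorewall's own code: one way to write the rule Paul Gear suggests for /etc/shorewall/start, with a check that reports whether the exception is still in place after a "shorewall refresh". It assumes the blacklist chain is named blacklst; IPT, BL_CHAIN and both function names are hypothetical.

```shell
# Body for /etc/shorewall/start, which runs after "shorewall start"/"restart".
# Assumptions, not from the thread: the blacklist chain is named "blacklst";
# IPT and BL_CHAIN are hypothetical override variables.
IPT=${IPT:-iptables}
BL_CHAIN=${BL_CHAIN:-blacklst}

# Read "source proto port" lines on stdin and insert each one ahead of the
# generated blacklist rules. RETURN only leaves the blacklist chain, so the
# normal rules and policies still decide what happens to the packet.
insert_blacklist_exceptions() {
    pos=0
    while read -r src proto port; do
        case "$src" in ''|'#'*) continue ;; esac   # skip blanks and comments
        pos=$((pos + 1))
        $IPT -I "$BL_CHAIN" "$pos" -s "$src" -p "$proto" --dport "$port" \
            -j RETURN || return 1
    done
}

# Succeeds when the blacklist chain still holds a RETURN rule for this source.
# "shorewall refresh" flushes and rebuilds the chain from the blacklist file
# without re-running the start script, so the check fails after a refresh.
exception_present() {
    $IPT -L "$BL_CHAIN" -n --line-numbers |
        awk -v src="$1" '$2 == "RETURN" && $5 == src { found = 1 }
                         END { exit !found }'
}

# Usage in /etc/shorewall/start (the address and port from the question):
#   insert_blacklist_exceptions <<'EOF'
#   123.123.123.123 tcp 80
#   EOF
# Usage after any refresh, e.g. from cron or a wrapper script:
#   exception_present 123.123.123.123 || echo "blacklist exception lost" >&2
```

Running `shorewall restart` instead of `shorewall refresh` re-runs the start script and puts the exception back.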