I am using shorewall version 4.2.4 (the invoca RPMs).

I get this warning when starting shorewall:

WARNING: Destination zone (loc) ignored : /usr/share/shorewall/macro.FTP (line 11)

macro.FTP looks like the "base" version that ships with shorewall:

#ACTION  SOURCE  DEST  PROTO  DEST     SOURCE   RATE   USER/
#                             PORT(S)  PORT(S)  LIMIT  GROUP
PARAM    -       -     tcp    21
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

My FTP "rules" are:

# forward FTP traffic to the FTP server
FTP/DNAT-                inet    loc:a.b.c.d

# slow down Brute Force attacks. Limit the number
# of connections per minute that can occur.
Limit:ULOG:FTPBFA,4,120  inet    loc:a.b.c.d    tcp    21    -    $ETH2_IP

where a.b.c.d is the IP address of the FTP server behind the firewall.

I believe this probably broke when switching to Shorewall-PERL, although I am not positive.

I cannot remember where the FTPBFA (FTP Brute Force Attack) script lives. Tom helped me create the script originally, but I cannot remember where this code lives. I "grep'd" for the string FTPBA in both the /usr/share/shorewall and /etc/shorewall directories and did not come up with anything.

I basically want to use port-knocking to limit Brute Force Attacks. I believe in the past my rule blocked users if they tried to login 4 separate times within a minute and kept the attacker locked out for 2 hours (I cannot remember for sure).

Basically I would like to implement a similar policy with Shorewall-PERL.

I have viewed the pages http://www.shorewall.net/FTP.html and http://www.shorewall.net/PortKnocking.html, but I am not able to deduce what I need to do in order to get this rule working again.

Thank You for your help.

--
------------------------------------------------------------------------------
This SF.net email is sponsored by: SourceForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
Scott Ruckh wrote:
> I am using shorewall version 4.2.4 (the invoca RPMs).
>
> I get this warning when starting shorewall:
>
> WARNING: Destination zone (loc) ignored : /usr/share/shorewall/macro.FTP (line
> 11)
>
> macro.FTP looks like the "base" version that ships with shorewall:
>
> #ACTION  SOURCE  DEST  PROTO  DEST     SOURCE   RATE   USER/
> #                             PORT(S)  PORT(S)  LIMIT  GROUP
> PARAM    -       -     tcp    21
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> My FTP "rules" are:
>
> # forward FTP traffic to the FTP server
> FTP/DNAT-                inet    loc:a.b.c.d

From the Shorewall 4.2 release notes "Migration Issues" section:

3) Specifying a destination zone in a NAT-only rule now generates a warning and the destination zone is ignored. NAT-only rules are:

   NONAT
   REDIRECT-
   DNAT-

So what you really want is:

FTP/DNAT-                inet    a.b.c.d

>
> # slow down Brute Force attacks. Limit the number
> # of connections per minute that can occur.
> Limit:ULOG:FTPBFA,4,120  inet    loc:a.b.c.d    tcp    21    -
> $ETH2_IP
>
> where a.b.c.d is the IP address of the FTP server behind the firewall.
>
> I believe this probably broke when switching to Shorewall-PERL, although I am
> not positive.
>
> I cannot remember where the FTPBFA (FTP Brute Force Attack) script lives.
> Tom helped me create the script originally, but I cannot remember where this
> code lives.

It isn't a script -- it is the name of a 'Recent Set' that the rule will automatically create if it doesn't exist. This allows more than one rule to use the same notion of 'recent' by sharing the same Recent Set.

> Basically I would like to implement a similar policy with Shorewall-PERL.
>
> I have viewed the pages http://www.shorewall.net/FTP.html and
> http://www.shorewall.net/PortKnocking.html, but I am not able to deduce what I
> need to do in order to get this rule working again.

What makes you believe that it is not working?