Hi, Using Shorewall 4.4.23.1. I have an IP Address that is blocked by the firewall but there are no dynamic or static blacklist record of this IP address. If I /etc/init.d/shorewall stop and /etc/init.d/shorewall clear the IP Address is allowed. I then start the service and the Ip address is allowed for about 3 mins then blocked. I do have a large blacklist listing. This problem started after I dropped of number of dynamic IP addresses. I also added this line to the blacklist where X.X.X.X is the IP address that is blocked. This made no difference. X.X.X.X - - whitelist PS: Is there a shorewall command to see which IP addresses are blacklisted. Would appreciate some ideas what could be causing this. Thank You. KA ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
On Nov 27, 2011, at 7:23 PM, Kilburn Abrahams wrote:> > Would appreciate some ideas what could be causing this. Thank You.Look at your log. Then see Shorewall FAQ 17. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
On Nov 27, 2011, at 8:10 PM, Tom Eastep wrotOn Nov 27, 2011, at 7:23 PM, Kilburn Abrahams wrote:> Look at your log. Then see Shorewall FAQ 17. >And if that doesn''t show you anything, then ''shorewall show blacklist'' and look for rules with a non-zero packet/byte count. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
On Nov 27, 2011, at 8:18 PM, Tom Eastep wrote:> > And if that doesn''t show you anything, then ''shorewall show blacklist'' and look for rules with a non-zero packet/byte count.Make that ''shorewall show blacklist'' -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
> On Nov 27, 2011, at 8:18 PM, Tom Eastep wrote: >> >> And if that doesn''t show you anything, then ''shorewall show blacklist'' and look for rules with a non-zero packet/byte count. > > Make that ''shorewall show blacklist''''blacklst'' -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
On Sun, 27 Nov 2011 20:18:45 -0800, Tom Eastep wrote:> And if that doesn''t show you anything, then ''shorewall show > blacklist'' > and look for rules with a non-zero packet/byte count.shorewall show blacklst ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d