Hi All!

Been quite a few years and lots of water under the bridge, but here I am back! I have a customer that has now decided they need a bit more bandwidth over and above their fixed line! They are not in a good area for ADSL because of copper theft and being a bit too far from the closest DSLAM! They have installed a wireless link and I have made certain to put it behind my simple iptables firewall! My old script will no longer cut it, as I need all the raw power of Shorewall! I had total success with it in the past in a very complex situation! Almost like a multiple-DMZ type of setup! Since those days the simple script-based iptables generator has served me well!

Re-reading all the documentation, the standardish two-interface setup will do pretty well, plus adding the extra bits to handle the two internet lines on one interface! What a joy that they both have static IPs! I don't see any real problems in getting it up and running!

Now comes the little problem! I chose many years ago to use sshdfilter because it was the most effective sshd blocker I found! It only suffers from a little problem! It needs a table/chain created called SSHD and then a rule added like this:

    # patched for sshdfilter
    /sbin/iptables -I INPUT -p tcp -m tcp --dport 22 -j SSHD

The rest of sshdfilter doing its work of adding and removing IP addresses from the DROP table should be of no concern! Now I have had a bit of a go at trying to figure out how to add the table and the rule, but maybe I'm just asking the wrong question in Google! Even this mailing list, although it has a bit on brute-force ssh attacks and discusses sshdfilter, has no reference to Shorewall and creating the required extras! At a guess I would start with the actions file to add a rule, but adding the SSHD table is another whole story! Any ideas, anyone! Crack this one and Shorewall will go back into all my customers! My old script is past its sell-by date!
Cheers
Ang
--
Angela Williams
angierfw at gmail dot com
Linux/Networking Hacker
Blog http://angierfw.wordpress.com
Smile! Jesus Loves You!

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
On 31/01/2012 13:03, Angela Williams wrote:
> Hi All!
[snip]

Please, for all our sakes, learn to use the full stop (.) instead of the exclamation mark (!) everywhere.

Chris
--
Chris Boot
bootc@bootc.net
Tel: 01271 414100
On Tue, 2012-01-31 at 15:03 +0200, Angela Williams wrote:
> At a guess I would start with the actions file to add a rule but adding the
> SSHD table is another whole story!
>
> Any ideas anyone! Crack this one and Shorewall will go back into all my
> customers! My old script is past its sell by date!

In /etc/shorewall/compile:

    use Shorewall::Chains;

    dont_delete( new_manual_chain('SSHD') );

In /etc/shorewall/rules:

    SSHD    net    $FW    tcp    22

-Tom
--
Tom Eastep             \ When I die, I want to go like my Grandfather who
Shoreline,              \ died peacefully in his sleep. Not screaming like
Washington, USA          \ all of the passengers in his car
http://shorewall.net      \________________________________________________
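A check for the wiring Tom describes, added here as an example and not part of Tom's reply or of Shorewall itself: it reads iptables-save output and confirms that the SSHD chain exists, that some chain jumps to it for tcp/22, and that the jump comes before any ACCEPT for tcp/22 in that chain, since a rules entry placed after the ssh ACCEPT would never be consulted. The two rulesets are constructed samples and the chain name net2fw is an assumption.

```shell
# check_sshd_chain: read iptables-save output on stdin and confirm that
#   1) the user chain SSHD exists,
#   2) some chain jumps to SSHD for tcp dport 22, and
#   3) that jump precedes any ACCEPT for tcp dport 22 in the same chain,
#      since an ACCEPT placed first would bypass sshdfilter's DROP rules.
# Exit status 0 when all three hold, 1 otherwise.
check_sshd_chain() {
    awk '
        /^:SSHD / { have_chain = 1 }
        /^-A / && /--dport 22( |$)/ {
            chain = $2   # the chain this rule is appended to
            if (/-j SSHD$/ && !(chain in jump)) jump[chain] = NR
            if (/-j ACCEPT$/ && !(chain in acc)) acc[chain] = NR
        }
        END {
            if (!have_chain) { print "SSHD chain missing"; exit 1 }
            ok = 0
            for (c in jump) {
                if ((c in acc) && acc[c] < jump[c]) {
                    print "ACCEPT for tcp/22 precedes -j SSHD in " c; exit 1
                }
                ok = 1
            }
            if (!ok) { print "no jump to SSHD for tcp/22"; exit 1 }
            print "SSHD chain wired correctly"
        }'
}

# Constructed sample of a correct Shorewall-generated ruleset (chain name
# net2fw assumed); sshdfilter has already added one DROP entry.
GOOD_RULES='*filter
:INPUT DROP [0:0]
:SSHD - [0:0]
:net2fw - [0:0]
-A INPUT -i eth0 -j net2fw
-A net2fw -p tcp -m tcp --dport 22 -j SSHD
-A net2fw -p tcp -m tcp --dport 22 -j ACCEPT
-A SSHD -s 203.0.113.45/32 -j DROP
COMMIT'

# Constructed sample with the rules file ordered wrongly: ACCEPT first.
BAD_RULES='*filter
:SSHD - [0:0]
:net2fw - [0:0]
-A net2fw -p tcp -m tcp --dport 22 -j ACCEPT
-A net2fw -p tcp -m tcp --dport 22 -j SSHD
COMMIT'

printf '%s\n' "$GOOD_RULES" | check_sshd_chain
printf '%s\n' "$BAD_RULES" | check_sshd_chain || echo "bad ruleset rejected"
```

On a live box, feed it the real table with `iptables-save | check_sshd_chain` after `shorewall restart`.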
Hi All

On Tuesday 31 January 2012 at 17:50 Tom Eastep :-
> On Tue, 2012-01-31 at 15:03 +0200, Angela Williams wrote:
> > At a guess I would start with the actions file to add a rule but adding
> > the SSHD table is another whole story!
> >
> > Any ideas anyone! Crack this one and Shorewall will go back into all my
> > customers! My old script is past its sell by date!
>
> In /etc/shorewall/compile:
>
>     use Shorewall::Chains;
>
>     dont_delete( new_manual_chain('SSHD') );
>
> In /etc/shorewall/rules:
>
>     SSHD    net    $FW    tcp    22

Thanks for the quick answer. I will add it into the files and hopefully we will all be ready to test either this Thursday or Monday when one of the support guys will be on site! The customer is just a bit too far away for me to drive for possibly only stopping Shorewall and restarting my firewall. It's a 300 km round trip. Makes sense to sit in my home office.

Thanks Again Tom
Ang
--
Angela Williams
angierfw at gmail dot com
Linux/Networking Hacker
Blog http://angierfw.wordpress.com
Smile! Jesus Loves You!
Hi All

On Tuesday 31 January 2012 at 17:50 Tom Eastep :-
> On Tue, 2012-01-31 at 15:03 +0200, Angela Williams wrote:
> > At a guess I would start with the actions file to add a rule but adding
> > the SSHD table is another whole story!
> >
> > Any ideas anyone! Crack this one and Shorewall will go back into all my
> > customers! My old script is past its sell by date!
>
> In /etc/shorewall/compile:

I should have asked this question a few days back. Is there any documentation on the compile file? I would guess that it affects the Perl compiler to add the extra stuff.

Cheers
Ang
--
Angela Williams
angierfw at gmail dot com
Linux/Networking Hacker
Blog http://angierfw.wordpress.com
Smile! Jesus Loves You!
On 02/02/2012 03:41 AM, Angela Williams wrote:
> On Tuesday 31 January 2012 at 17:50 Tom Eastep :-
>
>> On Tue, 2012-01-31 at 15:03 +0200, Angela Williams wrote:
>>> At a guess I would start with the actions file to add a rule but adding
>>> the SSHD table is another whole story!
>>>
>>> Any ideas anyone! Crack this one and Shorewall will go back into all my
>>> customers! My old script is past its sell by date!
>>
>> In /etc/shorewall/compile:
>
> I should have asked this question a few days back.
> Any documentation on the compile file? I would guess that it affects the perl
> compiler to add the extra stuff.

See: http://www.shorewall.net/ManualChains.html. There is also a bit of information in http://www.shorewall.net/shorewall_extension_scripts.htm.

-Tom
--
Tom Eastep             \ When I die, I want to go like my Grandfather who
Shoreline,              \ died peacefully in his sleep. Not screaming like
Washington, USA          \ all of the passengers in his car
http://shorewall.net      \________________________________________________
Hi All

On Thursday 02 February 2012 at 16:29 Tom Eastep :-
> On 02/02/2012 03:41 AM, Angela Williams wrote:
> > On Tuesday 31 January 2012 at 17:50 Tom Eastep :-
> >
> >> On Tue, 2012-01-31 at 15:03 +0200, Angela Williams wrote:
> >>> At a guess I would start with the actions file to add a rule but adding
> >>> the SSHD table is another whole story!
> >>>
> >>> Any ideas anyone! Crack this one and Shorewall will go back into all my
> >>> customers! My old script is past its sell by date!
> >>
> >> In /etc/shorewall/compile:
> > I should have asked this question a few days back.
> > Any documentation on the compile file? I would guess that it affects the
> > perl compiler to add the extra stuff.
>
> See: http://www.shorewall.net/ManualChains.html. There is also a bit of
> information in http://www.shorewall.net/shorewall_extension_scripts.htm.

Thanks again Tom. A new project is always information overload. The documentation is really great. Sort of reminds me of SCO Xenix and TCP networking. Information overload it was.

Cheers
Ang
--
Angela Williams
angierfw at gmail dot com
Linux/Networking Hacker
Blog http://angierfw.wordpress.com
Smile! Jesus Loves You!