Hi,

Is it possible to get Shorewall to reload the static blacklist file without
resetting the packet and byte counters?

I am following the guide at
http://mudy.wordpress.com/2009/02/21/shorewall-blacklist-spamhaus-dshield/
to periodically generate a blacklist, but "shorewall -qq refresh -n
blacklst" resets all my accounting. Is there a way to do this without
resetting the counters?

I am running the Debian package of 4.5.5.3.

Thanks,

Roger

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct

On 10/25/2012 05:21 AM, Roger Lynn wrote:
> Hi,
>
> Is it possible to get Shorewall to reload the static blacklist file without
> resetting the packet and byte counters?
>
> I am following the guide at
> http://mudy.wordpress.com/2009/02/21/shorewall-blacklist-spamhaus-dshield/
> to periodically generate a blacklist, but "shorewall -qq refresh -n
> blacklst" resets all my accounting. Is there a way to do this without
> resetting the counters?
>

No.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On 25/10/2012 14:57, Tom Eastep wrote:
> On 10/25/2012 05:21 AM, Roger Lynn wrote:
>> Hi,
>>
>> Is it possible to get Shorewall to reload the static blacklist file without
>> resetting the packet and byte counters?
>>
>> I am following the guide at
>> http://mudy.wordpress.com/2009/02/21/shorewall-blacklist-spamhaus-dshield/
>> to periodically generate a blacklist, but "shorewall -qq refresh -n
>> blacklst" resets all my accounting. Is there a way to do this without
>> resetting the counters?
>>
> No.
>
> -Tom

However, with a little more effort on the scripting side you could put
the blocklist into an ipset. ipsets can be mangled arbitrarily at
runtime and are a way of separating the iptables rules from the
source/dest choice.

Good luck

Ed W
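
The ipset approach suggested in the last reply, as an added example that is not part of the original thread and not Shorewall's own code: the generated list is loaded into a scratch set and swapped into the live set, so the iptables rule that matches the set, and its packet and byte counters, are never reloaded. The set names `blacklist` and `blacklist-new`, the one-address-or-CIDR-per-line input format and the `--apply` argument are assumptions.

```sh
#!/bin/sh
# Added example. Assumed names: live set "blacklist", scratch set "blacklist-new".
SET=blacklist
TMP=blacklist-new

# Print an `ipset restore` script that fills the scratch set from a file of
# IPv4 addresses or CIDR prefixes, one per line ('#' or ';' starts a comment).
# Malformed entries and /0 are dropped, so a corrupted or hostile download
# cannot inject other ipset commands or block the whole address space.
gen_restore() {
    printf 'create %s hash:net family inet\n' "$TMP"
    sed -e 's/[#;].*//' "$1" | awk -v name="$TMP" '
        NF == 0 { next }
        {
            n = split($1, p, "/")
            if (n > 2) next
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32)) next
            if (split(p[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
            if (!seen[$1]++) print "add " name " " $1
        }'
}

# Load the new list into the scratch set, then swap it into the live set.
# The iptables rule that matches the live set is never touched. Needs root.
apply_blacklist() {
    ipset -exist create "$SET" hash:net family inet || return 1
    ipset destroy "$TMP" 2>/dev/null || true
    gen_restore "$1" | ipset restore || return 1   # live set untouched on failure
    ipset swap "$TMP" "$SET" && ipset destroy "$TMP"
}

# Usage: sh update-blacklist.sh --apply /path/to/generated-list
if [ "${1:-}" = "--apply" ]; then
    apply_blacklist "$2"
fi
```

The firewall rule that drops traffic matching the live set has to exist once, before the first run; after that only the set contents change.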