Hi .. !! How I can put this line in shorewall Iptables to work the same way? iptables -A FORWARD -d 65.49.14.0/24 -j LOG --log-prefix "=UltraSurf= " this line always goes before the line where established accept packets (--state ESTABLISHED,RELATED) Greetings!! -- ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
On 12/13/2012 02:15 PM, I.S.C. William wrote:> Hi .. !! > > How I can put this line in shorewall Iptables to work the same way? > > |iptables -A FORWARD -d 65.49.14.0/24 <http://65.49.14.0/24> -j LOG > --log-prefix "=UltraSurf= " > | >DON''T DO IT! -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
2012/12/13 Tom Eastep <teastep@shorewall.net>> DON''T DO IT!and why? could you give me an explanation of why it should not? Thk''s ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
2012/12/13 I.S.C. William <william.koalasoft@gmail.com>> > > 2012/12/13 Tom Eastep <teastep@shorewall.net> > >> DON''T DO IT! > > > and why? could you give me an explanation of why it should not? > > Thk''s >I''m trying to use the system to block ultrasurf fail2band guiding me in this manual. http://www.ecualug.org/?q=20121213/como_bloquear_ultrasurf_usando_iptablesfail2ban/como_bloquear_ultrasurf_usando_iptablesfail2ban Since I can not block it and want to see if this works. or if you know of any other way to block it. Thanks .. ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
On 12/13/2012 02:20 PM, Tom Eastep wrote:> On 12/13/2012 02:15 PM, I.S.C. William wrote: >> Hi .. !! >> >> How I can put this line in shorewall Iptables to work the same way? >> >> |iptables -A FORWARD -d 65.49.14.0/24 <http://65.49.14.0/24> -j LOG >> --log-prefix "=UltraSurf= " >> | >> > > > DON''T DO IT!My point is that syslog is not a good vehicle for doing data capture. If you want to capture all packets headed for that subnet, then: tcpdump -w Ultranet.log net 65.49.14.0/24 Now all packets addressed to 64.49.14.0/24 will be written to the file Ultranet.log. You can read them via tcpdump -r Ultranet.log -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
I.S.C. William skrev den 13-12-2012 23:30:> 2012/12/13 Tom Eastep <teastep@shorewall.net> > >> DON''T DO IT! > > and why? could you give me an explanation of why it should not?use blrules with a whitelist if you like to see log prepost it with a comment "logentry" before whitelist but if its just to see logs, its silly to add more to firewalls ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
I.S.C. William skrev den 13-12-2012 23:32:> Since I can not block it and want to see if this works. or if you > know of any other way to block it.you want to block destination hostname from lan clients ? if so bind rpz zone will be better ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d