Hi,

1) I created an ipset called "blacklist"

   ipset create blacklist hash:ip family inet

2) I added

   DROP net:+blacklist $FW

   to /etc/shorewall/blrules

3) I told shorewall to log any blacklist action by setting

   BLACKLIST_LOG_LEVEL=debug

   in /etc/shorewall/shorewall.conf

4) I restarted shorewall with

   shorewall safe-restart

   and accepted the new ruleset.

Remember, currently the blacklist is empty. When I now ping the system from another system I'll get a response (because I accept ping in rules).

When I now add the system I am testing from to the blacklist

   ipset add blacklist <ip>

ping from the blacklisted host will fail as expected. Blacklisting is working. But shorewall doesn't log anything. :(

I created a "LogAndAccept" rule like described in <http://www.shorewall.net/4.4/Actions.html> to make sure logging is working at all, and it does. So it is just the blacklist logging that's not working.

Am I doing something wrong?

-- 
Regards,
Igor

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt!
http://p.sf.net/sfu/newrelic_d2d_apr
On 04/24/2013 07:56 AM, Igor Sverkos wrote:
> Hi,
>
> 1) I created an ipset called "blacklist"
>
>    ipset create blacklist hash:ip family inet
>
> 2) I added
>
>    DROP net:+blacklist $FW
>

That must be:

   BLACKLIST net:+blacklist $FW

if you want the BLACKLIST_LOG_LEVEL to be applied.

-Tom

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
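Tom's fix, written out so it can be checked offline. This is an added example, not code from the thread or from the Shorewall project: it assembles the three pieces involved (the ipset, the blrules entry, and the BLACKLIST_LOG_LEVEL setting) and adds a small awk-based lint that flags blrules entries using DROP or REJECT against an ipset source, since those drop traffic without ever reaching the blacklist log level. The $WORK directory, the blrules/shorewall.conf copies and the address 198.51.100.7 are constructed for the example (real files live in /etc/shorewall/); `ipset create`, `ipset add`, `ipset test` and the `-exist` option are real ipset commands.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce the original DROP entry,
# the corrected BLACKLIST entry, and lint for entries that will not log.
WORK="${WORK:-$(mktemp -d)}"   # constructed scratch dir, stands in for /etc/shorewall

# Constructed copy of the blrules the original poster had: DROP is silent.
cat > "$WORK/blrules.before" <<'EOF'
#ACTION    SOURCE            DEST
DROP       net:+blacklist    $FW
EOF

# Corrected version: the BLACKLIST action honours BLACKLIST_LOG_LEVEL.
cat > "$WORK/blrules.after" <<'EOF'
#ACTION    SOURCE            DEST
BLACKLIST  net:+blacklist    $FW
EOF

# Constructed shorewall.conf fragment with the setting from the thread.
printf 'BLACKLIST_LOG_LEVEL=debug\n' > "$WORK/shorewall.conf.fragment"

# Print the number of non-comment blrules entries whose ACTION is DROP or
# REJECT while the SOURCE references an ipset (+setname). Such entries
# block traffic but bypass the blacklist log level entirely.
unlogged_blrules() {
    awk '$1 !~ /^#/ && ($1 == "DROP" || $1 == "REJECT") && $2 ~ /\+/ { n++ }
         END { print n + 0 }' "$1"
}

# Succeed only if the config fragment sets a non-empty BLACKLIST_LOG_LEVEL.
has_log_level() {
    grep -Eq '^BLACKLIST_LOG_LEVEL=[^[:space:]]+' "$1"
}

# Create and populate the ipset itself, only when root and ipset is present.
# 198.51.100.7 is a documentation (TEST-NET-2) address used as a placeholder.
if [ "$(id -u)" = 0 ] && command -v ipset >/dev/null 2>&1; then
    ipset create blacklist hash:ip family inet -exist
    ipset add blacklist 198.51.100.7 -exist
    ipset test blacklist 198.51.100.7
fi

echo "unlogged ipset entries before fix: $(unlogged_blrules "$WORK/blrules.before")"
echo "unlogged ipset entries after fix:  $(unlogged_blrules "$WORK/blrules.after")"
has_log_level "$WORK/shorewall.conf.fragment" && echo "BLACKLIST_LOG_LEVEL is set"
```

After editing the real /etc/shorewall/blrules the same way, the `shorewall safe-restart` step from the original post applies the change; the lint is only a guard against reintroducing a silent DROP against an ipset source later on.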
Hi,

Tom Eastep wrote:
> On 04/24/2013 07:56 AM, Igor Sverkos wrote:
>> Hi,
>>
>> 1) I created an ipset called "blacklist"
>>
>>    ipset create blacklist hash:ip family inet
>>
>> 2) I added
>>
>>    DROP net:+blacklist $FW
>>
>
> That must be:
>
>    BLACKLIST net:+blacklist $FW
>
> if you want the BLACKLIST_LOG_LEVEL to be applied.

Thanks!

-- 
Regards,
Igor