similar to: ipsets

Displaying 20 results from an estimated 1100 matches similar to: "ipsets"

2011 Jul 22
32
Shorewall 4.4.22 Beta 3
Beta 3 is now available for testing. Corrections in this release: 1) Corrections included in Shorewall 4.4.21.1. 2) Several problems reported by Steven Springl. The rest is largely cleanup of the new rule infrastructure. -Tom
2019 Mar 25
3
[Bug 1328] New: Please allow ipset add and del via the /proc/net/xt_ipset mechanism
https://bugzilla.netfilter.org/show_bug.cgi?id=1328 Bug ID: 1328 Summary: Please allow ipset add and del via the /proc/net/xt_ipset mechanism Product: ipset Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component:
2012 Feb 28
6
[Bug 773] New: iptables performance limits on # of rules using ipset
http://bugzilla.netfilter.org/show_bug.cgi?id=773 Summary: iptables performance limits on # of rules using ipset Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org
2012 Feb 12
7
Shorewall 4.5.0
The Shorewall Team is pleased to announce the availability of Shorewall 4.5.0. Problems corrected in this release: 1) This release includes all defect repair included in 4.4.27.1-4.4.27.3. 2) The start
2016 Sep 13
2
Iptables not save rules
> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of John R Pierce > Sent: Sunday, September 11, 2016 10:44 PM > To: centos at centos.org > Subject: Re: [CentOS] Iptables not save rules > > On 9/11/2016 8:55 AM, TE Dukes wrote: > > I have been using ipset to blacklist badbots. Works like a champ! >
2006 Nov 14
20
Shorewall performance
I have a couple of firewalls that are rather complicated - one has 21 interfaces, and the other has about 50 (there's some heavy use of 802.1q, they only have half a dozen network cards). They work okay, but - compiling the rules takes a long time even on the faster servers, and restarting shorewall-lite takes between 5 and 10 minutes (during which time, only the routestopped stuff will
2023 Dec 05
3
[Bug 1726] New: invalid json generated by ipset list -output json
https://bugzilla.netfilter.org/show_bug.cgi?id=1726 Bug ID: 1726 Summary: invalid json generated by ipset list -output json Product: ipset Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: trivial Priority: P5 Component: default Assignee:
2016 Sep 11
2
Iptables not save rules
Hello, I have been using ipset to blacklist badbots. Works like a champ! The only problem is if I do a system reboot, I lose the ipset and the rule. I changed /etc/sysconfig/iptables.conf to: IPTABLES_SAVE_ON_RESTART="yes" IPTABLES_SAVE_ON_STOP="yes" And followed the instructions in: https://www.centos.org/forums/viewtopic.php?t=3853 The changes are still not saved.
2012 Feb 11
6
"ERROR: Invalid action" for FTP
OS: Debian Lenny (kernel 2.6.26-2-686) Shorewall: 4.0.15 (installed from Debian repository) I have an FTP server behind Debian system I am using for a firewall and I am wanting to use Shorewall on it (the Debian firewall). Following the instructions for configuring FTP (at <http://www.shorewall.net/FTP.html>), I have the following rule in my /etc/shorewall/rules file: FTP(DNAT) net
2010 Jun 17
4
shorewall 4.4.10 failing to start; won't recognize ipset "capability"
I have been using shorewall for years with ipsets. I have encountered a problem after upgrading from 4.2.11 to 4.4.10. When I run 'shorewall-check' or 'shorewall start', it halts with the error: ---------------------------------------------------------------------- ERROR: ipset names in Shorewall configuration files require Ipset Match in your kernel and
2012 Feb 24
7
how to compare shorewall config versus live iptables rules?
Greetings, I'm new to Shorewall but not to working with Iptables. Shorewall is the simplest firewall front end I have found thus far. I'm currently trying to build a Cfengine policy to maintain Shorewall configurations. My main problem at the moment is confirming that the running iptables rules match what Shorewall originally built. If I understand Shorewall correctly the
2018 Sep 15
3
ipset-service save fails when module compiled into kernel
I want to use the ipset-service to store ipsets persistently across boots. (For use by iptables rules. firewalld has direct support for persistent ipsets but I need the more general capability of raw iptables.) I'm using a kernel with ipsets compiled in, rather than loaded as a module. The support script that saves ipsets checks if the module is loaded before saving and finds nothing, so
2010 Mar 11
2
[Bug 640] New: ipset-4.2 : ipset -T <some_setlist> <address> always negative
http://bugzilla.netfilter.org/show_bug.cgi?id=640 Summary: ipset-4.2 : ipset -T <some_setlist> <address> always negative Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: default AssignedTo:
2020 Jan 09
7
Blocking attacks from a range of IP addresses
I am being attacked by an entire subnet where the first two parts of the IP address remain identical but the last two parts vary sufficiently that it is not caught by fail2ban since the attempts do not meet the cut-off of a certain number of attempts within the given time. Has anyone created a fail2ban filter for this type of attack? As of right now, I have manually banned a range of IP addresses
2012 Feb 26
6
Continuous pings going through a full DROP policy
For a same configuration in which the default policy is drop and only one connection is accepted in rules, continuous pinging to devices will stop squarely in 4.0.15 as soon as a very basic firewall is enabled whereas in 4.4.26.1, pinging will still continue after the firewall is enabled. All tests are done with proper reboot of the unit3 where the firewall is applied: unit1 <---> eth4
2019 Apr 12
1
Mail account brute force / harassment
On Fri, 12 Apr 2019, mj wrote: > What we do is: use https://github.com/trick77/ipset-blacklist to block IPs > (from various existing blacklists) at the iptables level using an ipset. "www.blocklist.de" is a nifty source. Could you suggest other publicly available blacklists? > That way, the known bad IPs never even talk to dovecot, but are dropped > immediately. We
2009 Dec 08
1
EmergingThreats fwrules ipset updater
hi i've created an emergingthreats fwrules ipset updater for use with my shorewall. maybe others find this useful too. short howto: * get bash script (emerging-ipset-update.txt) from http://doc.emergingthreats.net/bin/view/Main/EmergingFirewallRules * add the configured ipsets to shorewall configfile "blacklist" * if not already configured: configure your interfaces for
2012 Mar 14
7
Block port 443 (https) to Facebook.com
Hi, in shorewall version 3.4.8 used this rule to block access to Facebook through port 443 (https): /shorewall/rules: REJECT loc net:69.171.224.12, 69.171.224.0/19,69.63.176.0/20,66.220.144.0/20 tcp 443 What I did was block the public IP network segment to fitthrough https. Now I use this same rule in version 4.4 and I works already. Has anything changed in this
2019 Jan 14
3
CentOS 6.X, iptables 1.47 and GeoLite2 Country Database
Hi Specs in subject line: CentOS 6.X (all latest patches), iptables 1.47, Apache2.2 I use the Geolite legacy databases together with iptables 1.47 to filter traffic for a variety of ports and only allow .AU traffic to have access. Maxmind (https://dev.maxmind.com/geoip/geoip2/geolite2/) changed the default DB to the latest version which is GeoLite2, this leaves all users in need of the old