Package: libpam-shield Version: 0.9.2-3.3 Severity: wishlist -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear Maintainer, I've written a small script to support blocking addresses through shorewall/shorewall6 instead of directly through iptables. Due to the missing upstream page (http://www.ka.sara.nl/home/walter/pam_shield/) I'd like to propose it's inclusion here. If you as the maintainer are in contact with the upstream author, could you please forward it? I think it would be useful to some people. - -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libpam-shield depends on: ii libc6 2.13-33 ii libgdbm3 1.8.3-11 ii libpam0g 1.1.3-7.1 libpam-shield recommends no packages. Versions of packages libpam-shield suggests: ii iproute 20120521-3 ii iptables 1.4.14-2 - -- Configuration Files: /etc/security/shield.conf changed [not included] - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk/rEXIACgkQeJ3z1zFMUGZBFQCfTCan9ovAs9F5Z0cpPp3YdnQh TBgAn0v0FiJUlR/e1/F/wELg4O+KBDqf =VSfO -----END PGP SIGNATURE-----
#! /bin/sh # # shield-trigger-shorewall # # Copyright (C) 2012 Michael Fladischer <mich...@fladi.at> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # usage() { echo "Usage: ${0##*/} [add|del] <IP number>" echo "$0 is normally called by the pam_shield PAM module" exit 1 } PATH=/sbin:/usr/sbin:/bin:/usr/bin if [ -z "$2" ] then usage fi # lousy detection of IPv4 or IPv6 address IPT=`echo "$2" | sed 's/[0ma-9\.]//g'` if [ -z "$IPT" ] then SHOREWALL=/sbin/shorewall else SHOREWALL=/sbin/shorewall6 fi if [ ! -x $SHOREWALL ]; then echo "Shorewall binary not found at $SHOREWALL." echo "Maybe you need to run 'aptitude install shorewall'." exit1 fi case "$1" in add) logger -i -t shield-trigger -p auth.info "blocking $2" $SHOREWALL reject $2 ;; del) logger -i -t shield-trigger -p auth.info "unblocking $2" $SHOREWALL allow $2 ;; *) usage ;; esac # EOB