I have the latest version of Bering UlibC with shorewall 1.4.5. I also run a DMZ with an ftp server. The DNAT rule logs at the info level so I can see who is accessing the server. I have blacklisted China and Korea according to http://www.okean.com/asianspamblocks.html
Now, last night, I get a hit from:
Dec 21 01:09:40 firewall kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:20:af:9f:15:ff:00:09:12:85:08:70:08:00 SRC=210.82.163.1 DST=66.67.173.226 LEN=60 TOS=0x10 PREC=0x00 TTL=38 ID=24530 DF PROTO=TCP SPT=3457 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
But, my blacklist includes 210.82.0.0/15
Also, my shorewall log shows no hit which I didn't expect to, and the counter in "shorewall status" shows one hit for that range.
My question is, did he get blocked or allowed access? It looks as thought he got access.
Thanks,
Tony
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
