On Fri, 16 Mar 2012 12:58:07 -0500 (CDT)
Eric Teeter teet...@charter.net wrote:
Tom:
I have two macro's that you may want to add to the new versions of
Shorewall.
Hope this helps!
macro.Phone works for IP Phones (example Asterisk etc.)
Phone is a very bad name for this. Macro
Tuomo:
I know but there is more than Asterisk out there. that is why is was more
generic,then maybe macro.IPPhone would work.
Eric
- Original Message -
From: Tuomo Soini t...@foobar.fi
To: shorewall-users@lists.sourceforge.net
Sent: Saturday, March 17, 2012 3:25:02 AM
Subject: Re:
On 16 Mar 2012, at 17:58, Eric Teeter teet...@charter.net wrote:
Tom:
I have two macro's that you may want to add to the new versions of Shorewall.
Hope this helps!
macro.Phone works for IP Phones (example Asterisk etc.)
macro.Prelude works for Prelude IDS
I can't comment on the
Beta 1 is now available for testing.
New Features:
1) The 'mss' option is now supported in the /etc/shorewall[6]/hosts
files. See the manpages for details.
2) It is now possible to conditionally include or omit configuration
entries based on the settings of shell variables. See
Chris:
On prelusde I use to open to the inside not the outside, if you have like snort
on your firewall. I found that if I did not it would not work otherwise. If you
have no sensors on your firewall you will not need it.
On the Phone it makes it easier for me to follow what I have open. The
On 03/17/2012 09:28 AM, Eric Teeter wrote:
Chris:
On prelusde I use to open to the inside not the outside, if you have
like snort on your firewall. I found that if I did not it would not
work otherwise. If you have no sensors on your firewall you will not
need it.
On the Phone it makes
This rule seems to work for me, please try if you like them works
already.
SECTION BLACKLIST
#
HTTPS(REJECT) all
net:69.171.224.0-69.171.255.255,66.220.144.0-66.220.159.255
tcp
#
SECTION NEW
.
Well, almost. I have done it like this:
/etc/shorewall/params:
Hi,
I realise that one can simply start fail2ban and then it will insert its
own ruleset before shorewall's ruleset. Are there subscribers to this
list having alternative (and probably better) ways to use both fail2ban
and shorewall?
Thanks,
Mark
Den 2012-03-18 02:04, Mark skrev:
list having alternative (and probably better) ways to use both
fail2ban
and shorewall?
action.d/shorewall
does shorewall allow/drop ip
just got tired of fail2ban and maked permenent blacklist for the most
abusive ips, using spamhaus drop as blacklist