Thanks.
I'll look into other ways of getting the list blocked then.

Mark II

Quoting Tom Eastep <teas...@shorewall.net>:

On 8/22/2013 9:06 PM, Mark D. Montgomery II wrote:
I would like to add in a blacklist from lists of known bad IPs/Domains
(scammers/spammers/phishers/etc.), but seem to be having some problems.

I add the list into the /etc/shorewall/blacklist file and then either
restart or refresh shorewall, but it never finishes.
When I look at iptables while shorewall is starting I see a number of
rules added, but then I see a number of rules added for dropping from
the opendns fail servers (hit-nxdomain.opendns.com and
hit-servfail.opendns.com).
I assume these are from it doing lookups on domains that are no longer
there since the list was compiled, so it ends up adding rules blocking
those, which then seems to halt the list processing shortly thereafter.

Placing DNS names in the Shorewall config files is a really bad idea.
See http://www.shorewall.net/configuration_file_basics.htm#dnsnames

I tried adding ACCEPT rules in for the ip ranges and domain names for
the opendns servers but it didn't make a difference (apparently the
blacklist processing overrides the rules in the rules file?).

Yes.


Is there anything I can do short of pre-processing the lists to filter
out the no-longer-there domains?

My advice is to not use Shorewall to filter by DNS name.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________


--
Mark D. Montgomery II
http://www.techiem2.net
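
The pre-processing step raised in the thread can go one step further than dropping dead domains: keep only literal IPv4 addresses and subnets, and set every DNS name aside without resolving it. The following is an added example, not code from the thread or from the Shorewall project. It assumes a feed with one entry per line and optional `#` comments; the function names and the sample feed are constructed for illustration.

```python
"""Split a threat-feed list into literal IPv4 entries and everything else.

Added example: only the literal addresses are meant for
/etc/shorewall/blacklist; DNS names are set aside and never resolved.
"""
import ipaddress

# Constructed sample feed (documentation address ranges, example domains).
SAMPLE_FEED = """\
# constructed sample feed
192.0.2.15
198.51.100.0/24   # spam source
bad-domain.example
203.0.113.7
203.0.113.7
2001:db8::/32
phish.example.net
198.51.100.300
"""


def split_feed(text):
    """Return (networks, rejected): sorted unique IPv4 networks, other entries."""
    networks, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            # strict=False tolerates host bits being set, e.g. 198.51.100.9/24
            networks.add(ipaddress.IPv4Network(entry, strict=False))
        except ValueError:
            # DNS name, IPv6 entry or malformed address: keep it out
            rejected.append(entry)
    return sorted(networks), rejected


def to_blacklist_lines(networks):
    """One entry per line; single hosts are written without a /32 suffix."""
    return [str(n.network_address) if n.num_addresses == 1 else str(n)
            for n in networks]


if __name__ == "__main__":
    nets, skipped = split_feed(SAMPLE_FEED)
    print("\n".join(to_blacklist_lines(nets)))
    print(f"# skipped {len(skipped)} non-IPv4 entries: {skipped}")
```

Because nothing is looked up, a name that now resolves to a resolver's NXDOMAIN or SERVFAIL landing address cannot end up in the generated list.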

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users