[Shorewall-users] Shorewall 5.2.4.1

2020-04-17 Thread Tom Eastep
Shorewall 5.2.4.1 is now available for download.
Problems Corrected:
1) The web site and documentation have been improved to correct some invalid links in the manpages (including the manpages released in Shorewall components) and to link d

Re: [Shorewall-users] ADD action exclude both ipset and port range

2020-04-17 Thread Tom Eastep
On 4/17/20 6:41 AM, Vieri Di Paola wrote:
> Hi,
>
> This might be trivial, but how can I add a source IP address to an
> ipset only when the source port is NOT in an ipset AND NOT in a port
> range?
>
> the following gives an error:
>
> ADD(POL_BL:src):info:polbl,add2polbl
> net1,net2,net3:!+POL

Re: [Shorewall-users] Ipset not persistent over reboot

2020-04-17 Thread Norman Henderson
Nevermind. Having fixed the xt_tables database files, or more likely because of an intervening reboot? Shorewall show capabilities now shows GeoIP Yes and accepts the relevant syntax: in my case a whitelist rather than blacklist, DROP:$LOG Dirty:!^[CA,US] all+ For the record: most of the online i

[Shorewall-users] ADD action exclude both ipset and port range

2020-04-17 Thread Vieri Di Paola
Hi,
This might be trivial, but how can I add a source IP address to an ipset only when the source port is NOT in an ipset AND NOT in a port range?
the following gives an error:
ADD(POL_BL:src):info:polbl,add2polbl net1,net2,net3:!+POL_BL,+GLOBAL_WL,+NORMAL_WL all tcp - !+POL_BL_EXCL,4

Re: [Shorewall-users] Ipset not persistent over reboot

2020-04-17 Thread Norman Henderson
Just to update: the reboot went badly but for a different reason. It appears the match rule resulting from the ipset was applied before any other rules including a specific rule to allow me to ssh to the machine - so I locked myself out. It's a hosted VM and I have no console access so had to get t