Jiří Červenka wrote: > > Tom Eastep napsal(a): >> Jiří Červenka wrote: >> >>> Hello, >>> I´m running shorewall 3.0.2 on debian sarge box. >>> I have w2k3 box on eth1 with both public and local ip address running >>> FTP server. >>> I have set proxy arp for this host. >>> Now I try to drop ftp packets from one ip address in internet, but my >>> setup do not work. >>> >> Exactly what does that mean? Does it mean that even with the DROP rule in >> place, you can start a new FTP client on 193.171.155.10 and have it connect >> to 195.113.101.221? >> >> -Tom >> > Yes exactly. I have to put 193.171.155.10 into blacklist file to prevent > new FTP conections. DROP rule in rules file have no efect.
Then I would like to see the output of "shorewall dump" collected as follows: a) With no FTP session from 193.171.155.10, "shorewall dump > dump1.txt" b) "shorewall reset" c) Establish an FTP session from 193.171.155.10 d) "shorewall dump > dump2.txt" Send me the two dump files. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
