When I try your rules:

DNAT- net loc:192.168.1.160 tcp 80
Limit:info:HTTPACCESS,3,60 net loc:102.168.1.160 tcp 80

I receive this warning when doing 'shorewall check':

WARNING: The destination zone (loc) is ignored in DNAT rules : /etc/shorewall/rules (line 34)

I understand that it is just a warning, but should I change anything to get rid of the warning? Or is this the only way and should I just ignore the warning?

Sander

-----Original Message-----
From: Tom Eastep [mailto:[email protected]]
Sent: Monday, 12 April 2010 22:16
To: Shorewall Users
Subject: Re: [Shorewall-users] Using the limit action on a DNAT rule to prevent DoS attacks on a specific port

S. J. van Harmelen wrote:
> I'm reading and reading through the docs and previous posts, but cannot
> seem to find what I'm looking for. I want to create a rule that prevents
> DoS and maybe even DDoS attacks against a specific port. The current
> rule looks like this (the PORTs and IPs are dummies of course):
>
> #ACTION SOURCE DEST
> HTTP(DNAT) net loc:192.168.1.160
>
> Now how can I convert this rule so I can use the limit action? I assume
> the following rule isn't going to work correctly because it misses the
> DNAT action:
>
> Limit:info:HTTPACCESS,3,60 net loc:192.168.1.160 tcp 80
>
> So how should I do this? Any help or pointers to some useful docs
> about this topic are more than welcome!

DNAT- net loc:192.168.1.160 tcp 80
Limit:info:HTTPACCESS,3,60 net loc:102.168.1.160 tcp 80

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
