You're absolutely right about me not telling you what version I used... So I tried to substitute 'net' with '-' but then I received this error:
=> ERROR: Missing source zone : /etc/shorewall/rules (line 34) When I substitute 'loc:192.168.1.160' with '-' I get the error: => ERROR: Unknown Host (0.0.0.0/0) : /etc/shorewall/rules (line 34) But when I only substitute 'loc' with '-' it works without any warnings :) So now I use: => DNAT- net -:192.168.1.160 tcp 80 => Limit:info:HTTPACCESS,3,60 net loc:102.168.1.160 tcp 80 Sander -----Original Message----- From: Tom Eastep [mailto:teas...@shorewall.net] Sent: woensdag 14 april 2010 21:31 To: Shorewall Users Subject: Re: [Shorewall-users] Using the limit action on a DNAT rule to prevent DoS attackson a specific port S. J. van Harmelen wrote: > When I try you rules: > > DNAT- net loc:192.168.1.160 tcp 80 > Limit:info:HTTPACCESS,3,60 net loc:102.168.1.160 tcp 80 > > I receive this warning when doing 'shorewall check': > > WARNING: The destination zone (loc) is ignored in DNAT rules : > /etc/shorewall/rules (line 34) > > I understand that it is just a warning, but should I change anything > to get rid of the warning? Or is this the only way and should I just > ignore the warning? I gave you those rules before you had mentioned what version of Shorewall you were running. Replace 'net' with '-' in the first rule. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ---------------------------------------------------------------------------- -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
