I'm using ipsets to block several IP address ranges, but I'd like even IP addresses within those ranges to be able to connect to me on the TOR port (9001). My /etc/shorewall/blacklist file looks like this:
--------------------------------------------------------------
#ADDRESS/SUBNET    PROTOCOL    PORT    OPTIONS
# Whitelist port 9001 for TOR
-                  tcp         9001    whitelist
# IPset we use to block countries
+cblock            -           -       src
--------------------------------------------------------------

Unfortunately, it appears that connections from addresses within the 'cblock' ipset on port 9001 are being dropped. Connections to other ports from addresses in that ipset are, of course, correctly being blocked.

Before I go into full-scale troubleshooting, is this the correct way to do what I want? Or have I missed something?

Thanks

--
Ron Murray ([email protected])
http://www.rjmx.net/~ron
GPG Public Key Fingerprint: 0ED0 C1D1 615C FCCE 7424 9B27 31D8 AED5 AF6D 0D4A
