On 13-10-22 10:15 AM, Tom Eastep wrote: > The plot thickens. Sorry. I thought that requirement was described in my original message. Clearly I was not detailed enough in my description. Sorry about that.
> The 'conntrack' match has the ability to distinguish > the original direction from the reply direction using '--cttdir > [ORIGINAL|REPLY]'. So I guess that you could could place this as the > first rule of the fail2ban action: > > INLINE(CONTINUE) - - ; -m conntrack --ctdir REPLY Compiling /etc/shorewall/gw-new-AA/action.fail2ban for chain fail2ban... ERROR: Invalid column/value pair (-m) : /etc/shorewall/gw-new-AA/action.fail2ban (line 1) Maybe my shorewall is not new enough. 4.4.26.1 on Ubuntu LTS. 4.4.27.3 on the remote (i.e. shorewall-lite) machine. My whole action.fail2ban just to double-check: INLINE(CONTINUE) - - ; -m conntrack --ctdir REPLY ban - - ban_repeater - - I have two different chains I want fail2ban to add rules to depending on if they are repeat offenders or not. Cheers, b.
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
