On 10/22/2013 8:29 AM, Brian J. Murrell wrote:
> On 13-10-22 10:15 AM, Tom Eastep wrote:
>> The plot thickens.
> 
> Sorry.  I thought that requirement was described in my original message.
>  Clearly I was not detailed enough in my description.  Sorry about that.
> 

Not at all -- It was my failure to think this through completely.

>> The 'conntrack' match has the ability to distinguish
>> the original direction from the reply direction using '--ctdir
>> [ORIGINAL|REPLY]'. So I guess that you could place this as the
>> first rule of the fail2ban action:
>>
>> INLINE(CONTINUE)     -       - ; -m conntrack --ctdir REPLY
> 
> Compiling /etc/shorewall/gw-new-AA/action.fail2ban for chain fail2ban...
>    ERROR: Invalid column/value pair (-m) :
> /etc/shorewall/gw-new-AA/action.fail2ban (line 1)
> 
> Maybe my shorewall is not new enough.  4.4.26.1 on Ubuntu LTS.  4.4.27.3
> on the remote (i.e. shorewall-lite) machine.

Much too old. 4.4.26 was released almost two years ago. INLINE was
introduced this spring in 4.5.16.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
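
Added example, not part of the original thread: a small POSIX shell check that a Shorewall version is at least 4.5.16 before an action file relies on INLINE, using the versions mentioned above as test cases. The function names are hypothetical, and it assumes `shorewall version` prints a bare dotted version string.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

INLINE_MIN="4.5.16"   # release that introduced INLINE, per the reply above

# version_ge A B: succeed when dotted version A >= B.
# Missing fields count as 0, so 4.5.16 equals 4.5.16.0.
# Returns 2 when a field is not purely numeric.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        # Drop the field just read; an exhausted string stays empty.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        # Refuse to guess about suffixes such as "4.5.16-rc1".
        case $fa$fb in *[!0-9]*) return 2 ;; esac
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# inline_supported [VERSION]: succeed when VERSION (default: the locally
# installed Shorewall, assumed to print a bare version) can compile INLINE.
inline_supported() {
    v=${1:-$(shorewall version 2>/dev/null)}
    [ -n "$v" ] && version_ge "$v" "$INLINE_MIN"
}

# Constructed sample input: the two versions reported in the thread,
# plus the minimum release itself.
for v in 4.4.26.1 4.4.27.3 4.5.16; do
    if inline_supported "$v"; then
        echo "$v: INLINE available"
    else
        echo "$v: too old for INLINE (needs >= $INLINE_MIN)"
    fi
done
```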
