On 2014-02-08 00:16, Roberto C. Sánchez wrote:
> On Fri, Feb 07, 2014 at 11:06:35PM +0000, Donald S. Doyle wrote:
>> Is there a way to have Shorewall communicate with the listing services
>> (SORBS, Spamhaus, etc.)?

> Not directly.  I would script the process of downloading the list,
> extracting the IPs to a list of addresses or a list of address ranges,
> then put the addresses/ranges in a blrules file and then restart
> Shorewall.  There may already be a script floating around for that.

fail2ban could manage an ipset bl rule db, which again is used in 
shorewall, or just use fail2ban direct to shorewall allow|drop <ip>

only drawback is that fail2ban then needs memory to hold ips while in 
bantime; if ipset is used, then fail2ban can limit bantime while ipset 
holds it much longer without more memory used

why fail2ban does not yet make use of sqlite rather than ram based structs is 
beyond me :(

with ipset shorewall does not need to reload or restart, which is a good 
thing to avoid

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
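
The approach discussed in this thread (download a list, extract the addresses, keep them in an ipset so Shorewall needs no restart), as an added example that is not part of the original messages. The set name `blacklist`, the function names and the list format (one IPv4 address or CIDR per line with `;` or `#` comments) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). The set name "blacklist" and the list
# format (one IPv4 address or CIDR per line, ';' or '#' comments) are assumptions.

# Succeed only if $1 is a well-formed IPv4 address or CIDR range.
valid_ipv4_net() {
    addr=${1%/*}; len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read a blocklist on stdin and write an `ipset restore` script on stdout.
# Entries go into a temporary set that is swapped with the live one, so the
# set Shorewall references is replaced atomically, without a reload or restart.
blocklist_to_restore() {
    set_name=$1; tmp_set="$1-new"
    echo "create $set_name hash:net family inet"
    echo "create $tmp_set hash:net family inet"
    echo "flush $tmp_set"
    while read -r entry _rest || [ -n "$entry" ]; do
        entry=${entry%%[;#]*}              # drop comments
        [ -n "$entry" ] || continue
        if valid_ipv4_net "$entry"; then
            echo "add $tmp_set $entry"
        else
            echo "skipping invalid entry: $entry" >&2   # never pass junk to ipset
        fi
    done
    echo "swap $tmp_set $set_name"
    echo "destroy $tmp_set"
}

# Constructed sample input (documentation address ranges, not real listings).
sample_blocklist() {
    printf '%s\n' '; constructed sample list' '192.0.2.0/24 ; SBL-EXAMPLE' \
        '198.51.100.7' '203.0.113.0/33' 'not-an-ip' '# end'
}

# Load with: sample_blocklist | blocklist_to_restore blacklist | ipset -exist restore
sample_blocklist | blocklist_to_restore blacklist
```

Piping the output to `ipset -exist restore` makes the two `create` lines harmless when the sets already exist; a Shorewall rule would refer to the set as `+blacklist`.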
