As I dig more into SAVE_IPSETS ... 

I currently populate/update lists of addresses to be added to various IPSETs 
for use in SW *externally*. These lists' contents are regularly updated by 
appropriately scheduled cron jobs, &/or manual update scripts.  These lists 
contain, e.g., GeoIP lists, Spamhaus droplists, honeypot-fed lists, etc., each 
sourced from different locations and maintained/updated at different 
frequencies.

Cron jobs & lib.private SW scripts, executed at start/stop, load those lists 
into temporary IPSETs, which are then SWAP'd in to replace existing IPSETs.  
SW, of course, immediately uses the newly swapped-in IPSETs' contents.

Atm, all of this is done externally and, here, must be since IIUC (?) SW has no 
current function to CREATE or UPDATE IPSETs.

Since these *address lists*, NOT the IPSETs, are saved & resident on disk, 
SAVE_IPSETS is redundant for any/all of these externally-managed sets.

OTOH, for DYNAMIC_BLACKLIST's IPSET, which is created/managed from 'within' SW, 
the SAVE_IPSETS function for *it* is useful/necessary.

I _think_ what this suggests for me is an extension to SAVE_IPSETS (in 
/shorewall{6}.conf & /shorewall-init) to

SAVE_IPSETS = yes : no : list
SAVE_IPSETS_LIST = (comma separated list of arbitrary IPSETs) + 
(DYNAMIC_BLACKLIST's IPSET)

where, if SAVE_IPSETS = list, *only* the listed IPSETS would get saved.

In MY case, I'd likely do

SAVE_IPSETS = list
SAVE_IPSETS_LIST = ""

to have SW save/restore ONLY the DYNAMIC_BLACKLIST IPSET, and not redundantly 
save/restore my other/external IPSETs.

Again, leveraging what's already in SW.

Thoughts or comments?
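The "load the list into a temporary IPSET, then SWAP it in" step described above, as an added shell example (not code from the original post, nor Shorewall's own): it emits an `ipset restore` batch for one externally maintained address list, so the live set is replaced atomically and the firewall never sees a half-loaded set. The set name, the set type (hash:net) and the list file path are assumed placeholders.

```shell
#!/bin/sh
# gen_ipset_swap_batch SETNAME LISTFILE [FAMILY]
# Prints an `ipset restore` batch to stdout. Typical use from a cron job or a
# lib.private start hook (assumed set name and path):
#   gen_ipset_swap_batch geoip_block /etc/shorewall/lists/geoip.txt | ipset -exist restore
# The live set and the temporary set must share type and family, or `swap` fails.
gen_ipset_swap_batch() {
    set_name=$1
    list_file=$2
    family=${3:-inet}
    tmp_set="${set_name}_tmp"

    # Make sure the live set exists so the swap has a target (no-op with -exist).
    printf 'create %s hash:net family %s\n' "$set_name" "$family"
    # Build the replacement contents in a fresh temporary set; flush in case a
    # previous run died and left one behind.
    printf 'create %s hash:net family %s\n' "$tmp_set" "$family"
    printf 'flush %s\n' "$tmp_set"
    # One 'add' per entry: drop comment-only lines, trailing comments, blanks.
    grep -v '^[[:space:]]*#' "$list_file" | sed 's/#.*//; s/[[:space:]]*$//' |
        grep -v '^$' | while IFS= read -r net; do
            printf 'add %s %s\n' "$tmp_set" "$net"
        done
    # Atomic swap: rules referencing $set_name see either the old or the new
    # contents, never a partially loaded set. Then discard the old contents.
    printf 'swap %s %s\n' "$tmp_set" "$set_name"
    printf 'destroy %s\n' "$tmp_set"
}
```

Because the address list on disk is the source of truth, this is exactly the case where saving/restoring the IPSET itself adds nothing: a reboot simply re-runs the batch.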


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users