On 04/04/2016 01:53 AM, Florian Piekert wrote:
> Hello everybody,
>
> I picked up something a few months back and now tried to switch it on on my
> box.
>
>> On 02/21/2016 04:41 AM, Benny Pedersen wrote:
>>> iptables -I INPUT -p tcp --dport 25 -m string --algo bm --string
>>> 'ylmf-pc' -j DROP
>>>
>>> how to add that silly bot to shorewall rules ?
>>>
>>
>> Add this to the ESTABLISHED section:
>>
>> DROP net $FW tcp 25 ;; -m string --algo bm --string 'ylmf-pc'
>
> I assumed it goes into the rules file and put it there accordingly.
>
> A shorewall dump |grep ylmf doesn't return anything though and I noticed
> that ALL of my incoming mail connections are suffering from this blockage.
>
> What did I miss? I have scanned through the ML archive concerning this, but
> seem to miss the crucial point somehow...
>
That syntax only works on Shorewall 5 -- on Shorewall 4, you need:

DROP net $FW tcp 25 ; -m string --algo bm --string 'ylmf-pc'

and you need to set INLINE_MATCHES=Yes in shorewall.conf.

Note that setting INLINE_MATCHES=Yes will make the compiler assume that
*anything* after the semicolon is raw iptables input. So if you have used the
';' form of alternate column input, then you need to also switch those rules
to use the {....} form instead. See
http://www.shorewall.org/configuration_file_basics.htm#Pairs

-Tom

-- 
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________
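An added example (not from the thread or the Shorewall project) that audits a rules file for the pitfall Tom describes before INLINE_MATCHES is flipped: it assumes the syntax given in the thread, namely that a trailing ';' introduces 'key=value' alternate column input unless INLINE_MATCHES=Yes, that ';;' is the Shorewall 5 raw-match form, and it runs over a constructed sample rules file.

```python
"""Audit Shorewall rules for ';' clauses that INLINE_MATCHES would reinterpret.

Added example, not Shorewall's own code. Assumed syntax (from the thread):
  '; key=value, ...'  alternate column input   (misread if INLINE_MATCHES=Yes)
  '; -m ...'          raw iptables input        (only valid if INLINE_MATCHES=Yes)
  ';; -m ...'         raw iptables input        (Shorewall 5 form)
  '{ key=value }'     alternate column input, safe under either setting
"""
import re

# Constructed sample rules file (not taken from the original post).
SAMPLE_RULES = """\
#ACTION  SOURCE  DEST  PROTO  DPORT
ACCEPT   net     $FW   tcp    22 ; rate=10/min:5
ACCEPT   net     $FW   ; proto=tcp, dport=443
DROP     net     $FW   tcp    25 ; -m string --algo bm --string 'ylmf-pc'
DROP     net     $FW   tcp    25 ;; -m string --algo bm --string 'ylmf-pc'
REJECT   loc     net   tcp    25 { rate=2/min }
"""

COLUMN_RE = re.compile(r"^\s*\w+\s*=")  # 'key=value' marks column input


def classify(line):
    """Return (kind, clause) describing what follows the rule's ';' (if any)."""
    stripped = line.split("#", 1)[0].rstrip()  # drop trailing comments
    if not stripped:
        return ("comment", "")
    if ";;" in stripped:
        return ("inline", stripped.split(";;", 1)[1].strip())
    if "{" in stripped:
        return ("brace", stripped.split("{", 1)[1].rstrip("} ").strip())
    if ";" in stripped:
        tail = stripped.split(";", 1)[1]
        kind = "column" if COLUMN_RE.match(tail) else "inline-semicolon"
        return (kind, tail.strip())
    return ("plain", "")


def audit(text, inline_matches):
    """List (line_no, message) for rules the compiler would misread."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        kind, clause = classify(line)
        if inline_matches and kind == "column":
            problems.append((n, f"'; {clause}' becomes raw iptables input; "
                                f"rewrite as {{ {clause} }}"))
        elif not inline_matches and kind == "inline-semicolon":
            problems.append((n, f"'; {clause}' is parsed as column input; "
                                "use ';;' (Shorewall 5) or INLINE_MATCHES=Yes"))
    return problems


def to_brace_form(line):
    """Rewrite '; key=value' column input as '{ key=value }' (safe either way)."""
    kind, clause = classify(line)
    if kind != "column":
        return line
    return f"{line.split(';', 1)[0].rstrip()} {{ {clause} }}"
```

Running audit(SAMPLE_RULES, inline_matches=True) flags the two 'rate='/'proto=' rules for conversion, while audit(SAMPLE_RULES, inline_matches=False) flags the Shorewall 4 string-match rule instead.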
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users