>>> Hello everybody,
>>>
>>> I picked up something a few months back and now tried to switch it on on my
>>> box.
>>>
>>>> On 02/21/2016 04:41 AM, Benny Pedersen wrote:
>>>>> iptables -I INPUT -p tcp --dport 25 -m string --algo bm --string
>>>>> 'ylmf-pc' -j DROP
>>>>>
>>>>> how to add that silly bot to shorewall rules ?
>>>>>
>>>>
>>>> Add this to the ESTABLISHED section:
>>>>
>>>> DROP net $FW tcp 25 ;; -m string --algo bm --string 'ylmf-pc'
>>>
>>> I assumed it goes into the rules file and put it there accordingly.
>>>
>>> A shorewall dump |grep ylmf doesn't return anything though and I noticed
>>> that ALL of my incoming mail connections are suffering from this blockage.
>>>
>>> What did I miss? I have scanned through the ML archive concerning this, but
>>> seem to miss the crucial point somehow...
>>>
>>
>> That syntax only works on Shorewall 5 -- on Shorewall 4, you need:
>>
>> DROP net $FW tcp 25 ; -m string --algo bm --string 'ylmf-pc'
>>
>> and you need to set INLINE_MATCHES=Yes in shorewall.conf. Note that
>> setting INLINE_MATCHES=Yes, will make the compiler assume that
>> *anything* after the semicolon is raw iptables input. So if you have
>> used the ';' form of alternate column input, then you need to also
>> switch those rules to use the {....} form instead. See
>> http://www.shorewall.org/configuration_file_basics.htm#Pairs
>>
>
> You will probably need to use this form instead or the compiler will
> complain about the quotes:

The 4.6.13.4 responds to

> INLINE(DROP) net $FW tcp 25 ; -m string --algo bm --string 'ylmf-pc'

with

    Compiling /etc/shorewall/rules...
    ERROR: Shorewall Configuration file entries may not contain single quotes /etc/shorewall/rules (line 16)

and line 16 is the INLINE(DROP) line, I now use "ylmf-pc" instead and this
seems to work, shorewall dump yields

    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 STRING match "ylmf-pc" ALGO name bm TO 65535 ctstate ESTABLISHED

Best of thanks again!

--
Florian Piekert flo...@floppy.org