Hi,

I wonder if I'm doing something wrong because I really can't figure out the
reason preventing Shorewall from being able to blacklist from the command
line:

Shell# shorewall blacklist 1.2.3.4
   ERROR: The blacklist command is not supported in the current Shorewall configuration

If I repeat the operation (and again and again...), I get the same message
with an additional warning (obviously, the PID changes every time):
   WARNING: Stale lockfile /var/lib/shorewall/lock from pid 1191 removed
   ERROR: The blacklist command is not supported in the current Shorewall configuration

/etc/shorewall/shorewall.conf looks like this (basically default settings
with a few tweaks):

STARTUP_ENABLED=Yes
VERBOSITY=0
LOG_VERBOSITY=0
LOGLIMIT=2/sec
LOGFILE=/var/log/firewall.log
LOGTAGONLY=Yes
LOG_MARTIANS=Keep
MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
INVALID_LOG_LEVEL=info:,Invalid
IP_FORWARDING=Yes
SHOREWALL_SHELL=/bin/sh
ADD_IP_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTOHELPERS=No
CHAIN_SCRIPTS=No
DISABLE_IPV6=Yes
EXPAND_POLICIES=Yes
HELPERS=none
LOAD_HELPERS_ONLY=Yes
MARK_IN_FORWARD_CHAIN=Yes
MUTEX_TIMEOUT=30
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=Yes
ROUTE_FILTER=Yes

What am I missing?

Of course, using "blrules" file poses no problem and there are 2~3 entries
there.

-- 
ObNox
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
