________________________________ From: Tom Eastep <teas...@shorewall.net> > Configure ipset-based dynamic blacklisting:> > > DYNAMIC_BLACKLIST=ipset-only,timeout=3600::info > > then put this at the bottom of your rules: > > ADD(SW_DBL4,src) net $FW
I believe the seperator is : instead of ,. I have this now in rules: ADD(SW_DBL4:src) net1 $FW ADD(SW_DBL4:src) net2 $FW ADD(SW_DBL4:src) net3 $FW and this in shorewall.conf: DYNAMIC_BLACKLIST=ipset-only,timeout=3600 ipset list SW_DBL4 shows that the set is growing fast... I understand there's no special flag requirement for net "interfaces", not even "blacklist" as we're using ipsets here, not files. Thanks, Vieri ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users