On 10/15/2018 05:07 AM, Vieri Di Paola via Shorewall-users wrote:
> Hi,
>
> I have the following in my rules file:
>
> DNAT net2:!+IPS_BL,+POL_BL,+GEO_BL,+GEOIPS_BL loc:10.215.145.81 tcp 80,443 - - 30/min:35
> [...]
> ADD(POL_BL:src):info:polbl,add2polbl net1,net2,net3:!+POL_BL,+GLOBAL_WL all tcp,udp - !443,80,25,3389
>
> Suppose the host at x.x.x.x tries to access via port 80 through shorewall. I
> understand the connection should have been DNAT'ed, right?
> In no case should it have been added to the POL_BL ipset, right?
> However, in shorewall's log I can see the following line:
>
> Oct 15 10:48:09 Shorewall:polbl:add2polbl:IN=ppp2 OUT= MAC= SRC=x.x.x.x DST=y.y.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=13247 DF PROTO=TCP SPT=52576 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x2
>
> Any clues?
If the connection rate to ports 80 and 443 from the net exceeds the LIMIT on the DNAT rule, then those connections exceeding the rate will be added to the ipset.

-Tom

-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
\_______________________________________________
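The behaviour Tom describes follows from rule order: a RATE column on a rule only makes that rule match connections within the limit; anything over the limit is not dropped by that rule but keeps walking down the rules file, where here it hits the ADD(POL_BL:src) rule. The fragment below is an added illustration by the editor, not part of the original thread, showing the usual idiom for containing the overflow: a second rule for the same traffic placed directly after the rate-limited one. The DROP action and its log level are the editor's choice (REJECT, or a dedicated action, would work the same way); the zone, ipset and address names are reused from the rules quoted above, and the column headers follow the Shorewall rules file layout.

```text
#ACTION    SOURCE                                    DEST               PROTO  DPORT   SPORT  ORIGDEST  RATE
# Within the limit (30 new connections per minute, burst 35): DNAT to the web server.
DNAT       net2:!+IPS_BL,+POL_BL,+GEO_BL,+GEOIPS_BL  loc:10.215.145.81  tcp    80,443  -      -         30/min:35
# Added catch rule (editor's illustration): connections over the limit from the same
# sources stop here, logged, instead of falling through to later rules such as the
# ADD(POL_BL:src) rule that blacklists the source address.
DROP:info  net2:!+IPS_BL,+POL_BL,+GEO_BL,+GEOIPS_BL  all                tcp    80,443
# [...] remaining rules, including ADD(POL_BL:src), as before
```

The catch rule must use the same SOURCE exclusions and sit immediately after the rate-limited DNAT; if it is placed after the ADD rule, or matches a broader set of sources, the ADD rule still sees the excess connections first. Whether a legitimate but busy client should be dropped or blacklisted at 35 connections is a policy question the rate value answers, not the catch rule.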
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
