I rarely reboot, but when I do, I have Shorewall just create an empty ipset from 'init'. These h@ckorz are going to try again and simply get banned again. I DROP anything in the ipset at the beginning of the 'rules' file. This keeps things from getting logged over and over.
I find using an ipset with fail2ban a simple approach. It's easy to list, add to, or delete entries.
Bill
On 10/27/2019 5:57 PM, Nigel Aves wrote:
As a note, I'm a photographer who likes to run their own server for web sites / email server, but I am no sys-admin person. I have though been using Shorewall for a number of years now.
I've been building a new server to replace my aging server. Centos 7 / VirtualMin install for software / admin. BUT I have had to use Kernel 4.x so that the Ryzen processor was recognized correctly.
I copied all the shorewall files across, checked configuration and shorewall started up OK. But I could never get shorewall to start at boot. Tried all hints I could find on internet to no avail.
Loaded Shorewall-init, set up the conf file. But now every time I tried to start it would fail with an error about the ipset "f2b" (- from fail2ban). I took all references out of the conf files for Shorewall, did a "shorewall compile". This seems to have solved the error messages I was getting.
Questions.
1/ When using shorewall-init does shorewall itself have to be running, or are the compiled shorewall rules loaded directly into iptables?
2/ When using fail2ban should I still be trying to push the banned IPs into shorewall, or should I change the settings to push directly into iptables?
3/ Anything I might have missed?
Kind Regards - Nigel Aves.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users