[Shorewall-users] best method to block bad boy IP's ?

Tom Eastep teastep@shorewall.net
Mon, 7 Jan 2002 11:40:43 -0800


On Monday 07 January 2002 11:31 am, Scott Duncan wrote:
> I have an IP that I picked up scanning my firewall for port 22 and I want
> to block all traffic from this IP. Is it best to do this by rules like the
> following or is there a better way:
>
> REJECT    net:65.66.80.53        fw         tcp          -
> REJECT    net:65.66.80.53       dmz       tcp          -
> REJECT    net:65.66.80.53       dmz        udp        -
>

How about:

REJECT    net:65.66.80.53        fw         all
REJECT    net:65.66.80.53        dmz        all

If I were to add a /etc/shorewall/blacklist file where rogue IP addresses and
subnets could be listed, would people find that useful?

-Tom
--
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------
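As an added illustration of the blacklist idea raised in the reply above (this is not Shorewall's own code, and the file path, interface name and sample entries are assumptions), the script below reads a file of addresses and subnets, validates each line, and emits the iptables REJECT rules that would implement it, without running them:

```shell
#!/bin/sh
# Added example, not Shorewall code: turn a blacklist file into iptables
# commands. In practice the file would be the proposed /etc/shorewall/blacklist;
# here a constructed sample is written to a temp file so the script runs offline.
BLACKLIST_FILE="${BLACKLIST_FILE:-$(mktemp)}"
EXT_IF="${EXT_IF:-eth0}"   # assumed external interface name

# Constructed sample blacklist: comments, blank lines and one malformed entry.
write_sample_blacklist() {
    cat > "$BLACKLIST_FILE" <<'EOF'
# hosts and subnets to block (one per line)
65.66.80.53
192.0.2.0/24      # documentation range, used here as a sample subnet

not-an-address
EOF
}

# Accept only dotted-quad addresses with an optional /prefix; anything else is
# refused so a malformed line can never become a malformed firewall rule.
valid_entry() {
    case "$1" in
        ""|*[!0-9./]*) return 1 ;;
    esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Print (do not execute) one REJECT rule for inbound and one for forwarded
# traffic per valid entry, matching the "all" protocol rules in the reply.
blacklist_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        entry="${line%%#*}"                         # strip trailing comment
        entry="$(printf '%s' "$entry" | tr -d '[:space:]')"
        [ -z "$entry" ] && continue
        if valid_entry "$entry"; then
            echo "iptables -A INPUT -i $EXT_IF -s $entry -j REJECT"
            echo "iptables -A FORWARD -i $EXT_IF -s $entry -j REJECT"
        else
            echo "skipping malformed blacklist entry: $entry" >&2
        fi
    done < "$BLACKLIST_FILE"
}

write_sample_blacklist
blacklist_rules
```

Piping the output to `sh` would apply the rules; keeping the generation and the application separate lets the list be reviewed before anything touches the firewall.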