[Shorewall-users] best method to block bad boy IP's ?

Richard Pyne rpyne@shopsite.com
Mon, 7 Jan 2002 12:50:19 -0700


Yes, that would be useful.

--Richard

On 7 Jan 2002 at 11:40, Tom Eastep wrote:

> On Monday 07 January 2002 11:31 am, Scott Duncan wrote:
> > I have an IP that I picked up scanning my firewall for port 22 and I
> > want to block all traffic from this IP. Is it best to do this by rules
> > like the following or is there a better way:
> >
> > REJECT    net:65.66.80.53        fw         tcp          -
> > REJECT    net:65.66.80.53       dmz       tcp          -
> > REJECT    net:65.66.80.53       dmz        udp        -
> >
> 
> How about:
> 
> REJECT	net:65.66.80.53	fw	all
> REJECT	net:65.66.80.53	dmz	all	
> 
> If I were to add a /etc/shorewall/blacklist file where rogue IP
> addresses and subnets could be listed, would people find that useful?
> 
> -Tom
> -- 
> Tom Eastep    \ A Firewall for Linux 2.4.*
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net
> -------------------------------------------
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users
> 


----------
Richard Pyne
rpyne@shopsite.com
Software Engineer
ShopSite, Inc
http://www.ShopSite.com
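
Added example (not part of the original messages and not Shorewall's own code): a shell sketch that expands a list of addresses and subnets into rules of the form Tom suggests above, one per destination zone. The zone names fw and dmz and the address 65.66.80.53 come from the thread; the list format (one IPv4 address or CIDR subnet per line, '#' comments), the function names and the other sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Shorewall code. Rule form "REJECT net:<addr> <zone> all"
# and zones fw/dmz come from the thread; the list format is an assumption.
ZONES="fw dmz"

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_entry() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac   # digits, dots, slash only
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then                   # a prefix length was given
        prefix=${1#*/}
        case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    case "$addr" in .*|*.|*..*) return 1 ;; esac   # reject empty octets
    old_ifs=$IFS; IFS=.
    set -- $addr                                   # split address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read entries on stdin and print one REJECT rule per zone for each valid,
# not yet seen entry. Invalid entries are reported on stderr and skipped.
emit_rules() {
    seen=" "
    while read -r entry rest; do
        case "$entry" in ''|'#'*) continue ;; esac
        valid_entry "$entry" || { echo "skipping invalid entry: $entry" >&2; continue; }
        case "$seen" in *" $entry "*) continue ;; esac   # duplicate
        seen="$seen$entry "
        for zone in $ZONES; do
            printf 'REJECT\tnet:%s\t%s\tall\n' "$entry" "$zone"
        done
    done
}

# Constructed sample list; only 65.66.80.53 appears in the thread.
sample_list() {
    printf '%s\n' '# scanned port 22' 65.66.80.53 192.0.2.0/24 \
        '65.66.80.53  # duplicate' 300.1.1.1 198.51.100.7/33 198.51.100.7
}

sample_list | emit_rules
```

Validating each entry before it becomes a rule keeps a typo in the list from turning into a malformed line in the rules file.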