[Shorewall-users] best method to block bad boy IP's ?

Pieter Ennes pieter@bankastraat.dhs.org
Mon, 7 Jan 2002 21:38:33 +0100 (CET)


On Mon, 7 Jan 2002, Tom Eastep wrote:

> If I were to add a /etc/shorewall/blacklist file where rogue IP addresses and
> subnets could be listed, would people find that useful?

Yes, i think so! But while you're at it, may be a general mechanism
for reading ip-addresses from files into zones would be nice?

I now have split my internet zone into trusted, normal and blacklisted
hosts using a params file. This works great, except for a minor
inconvenience of adding the interface name in front of every host.
Reading addresses from a file indeed would be nice in my case...

Kind regards, Pieter Ennes.

-- 
 Pas op de muonen!