[Shorewall-users] Blacklist

Charles J. Boening charlie@theboenings.com
Wed, 9 Jan 2002 08:36:27 -0800


Put this in a script called:   add2bl

   echo "$1" >> /etc/shorewall/blacklist;/etc/shorewall/firewall refresh


Then call it like this:
   

add2bl ip.add.ress.here


Could also call the script from other monitoring progs like snort or
prelude.


Charles




-----Original Message-----
From: shorewall-users-admin@shorewall.net
[mailto:shorewall-users-admin@shorewall.net] On Behalf Of Jim Hubbard
Sent: Wednesday, January 09, 2002 7:09 AM
To: shorewall-users@shorewall.net
Subject: [Shorewall-users] Blacklist


Thanks for what seems to be a very good firewall.  I installed it last
night on my home router system, and even though I haven't really tweaked
it yet, every 'net based port scan I threw at it, like those at
http://scan.sygatetech.com/ and https://grc.com/x/ne.dll?bh0bkyd2,
couldn't even tell I was there (and this was with me initiating the
scans from a masq'd host behind the firewall).

A feature I'd like to see would be a command that would immediately add
or remove an ip or hostname to the blacklist and refresh the firewall.
Maybe something like "shorewall blacklist 12.34.56.78 on" to add and
"shorewall blacklist 12.34.56.78 off" to remove.  Just an idea.

Thanks,
Jim Hubbard
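
Added example, not part of the original thread: a version of the add2bl idea that validates its argument before appending, which matters when the script is called by monitoring tools such as snort or prelude. `BLACKLIST_FILE` and `REFRESH_CMD` are override variables assumed here (they are not Shorewall settings), and only dotted-quad IPv4 addresses are accepted.

```shell
#!/bin/sh
# Added example: hardened add2bl. BLACKLIST_FILE and REFRESH_CMD are assumed
# override knobs (not Shorewall settings) so the function can be tested offline.
BLACKLIST_FILE=${BLACKLIST_FILE:-/etc/shorewall/blacklist}
REFRESH_CMD=${REFRESH_CMD:-/etc/shorewall/firewall refresh}

# Return 0 only for a plain dotted-quad IPv4 address (no hostnames, no ranges).
valid_ipv4() {
    case $1 in
        # Reject empty input and anything that is not digits and dots,
        # including spaces and embedded newlines.
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split into octets; input is digits/dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # leading zero or too long
        [ "$octet" -le 255 ] || return 1
    done
}

# Append one validated address to the blacklist and refresh the firewall.
add2bl() {
    if ! valid_ipv4 "$1"; then
        echo "add2bl: argument is not an IPv4 address, nothing added" >&2
        return 2
    fi
    # Already listed: skip both the append and the refresh.
    if [ -f "$BLACKLIST_FILE" ] && grep -qxF -- "$1" "$BLACKLIST_FILE"; then
        return 0
    fi
    printf '%s\n' "$1" >> "$BLACKLIST_FILE" && $REFRESH_CMD
}

# Act as a command only when installed under the name add2bl.
if [ "${0##*/}" = add2bl ]; then add2bl "$@"; fi
```
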
