Charles J. Boening
Wed, 9 Jan 2002 08:36:27 -0800
Put this in a script called: add2bl
cat $1 >> /etc/shorewall/blacklist;/etc/shorewall/firewall refresh
Then call it like this:
Could also call the script from other monitoring progs like snort or
[mailto:email@example.com] On Behalf Of Jim Hubbard
Sent: Wednesday, January 09, 2002 7:09 AM
Subject: [Shorewall-users] Blacklist
Thanks for what seems to be a very good firewall. I installed it last
night on my home router system, and even though I haven't really tweaked
it yet, every 'net based port scan I threw at it, like those at
http://scan.sygatetech.com/ and https://grc.com/x/ne.dll?bh0bkyd2,
couldn't even tell I was there (and this was with me initiating the
scans from a masq'd host behind the firewall).
A feature I'd like to see would be a command that would immediately add
or remove an ip or hostname to the blacklist and refresh the firewall.
Maybe something like "shorewall blacklist 188.8.131.52 on" to add and
"shorewall blacklist 184.108.40.206 off" to remove. Just an idea.
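An added example, not Charles's script and not part of Shorewall itself: it does what his one-liner does (append, then refresh) but validates the address first, skips duplicates, and also covers the "off" half of Jim's request. BLACKLIST and REFRESH_CMD are assumed names that default to the paths named in the thread.

```sh
#!/bin/sh
# add2bl: add ("on") or remove ("off") one IPv4 address or CIDR block in the
# Shorewall blacklist and refresh the firewall. Example code written for this
# thread, not Charles's script; BLACKLIST and REFRESH_CMD (assumed names) default
# to the thread's paths and can be overridden from the environment for testing.
BLACKLIST="${BLACKLIST:-/etc/shorewall/blacklist}"
REFRESH_CMD="${REFRESH_CMD:-/etc/shorewall/firewall refresh}"
set -f   # no pathname expansion: addresses are split on '.' below, never globbed

# Accept only a dotted quad with an optional /0-32 prefix, so that a stray or
# hostile argument can never put arbitrary text into the blacklist file.
valid_ipv4() {
    addr=${1%%/*}
    case "${1#"$addr"}" in
        "" | /[0-9] | /[12][0-9] | /3[0-2]) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$1.$2.$3.$4" = "$addr" ] || return 1   # exactly four fields, no stray dots
    for octet in "$@"; do
        case "$octet" in "" | *[!0-9]* | ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

refresh_firewall() { $REFRESH_CMD; }   # unquoted on purpose: command plus args

# Append the address unless it is already listed, then refresh.
blacklist_on() {
    valid_ipv4 "$1" || { echo "add2bl: bad address '$1'" >&2; return 2; }
    grep -qxF -- "$1" "$BLACKLIST" 2>/dev/null ||
        printf '%s\n' "$1" >> "$BLACKLIST" || return 1
    refresh_firewall
}

# Drop every exact-match line, rewriting in place to keep owner and mode, then refresh.
blacklist_off() {
    valid_ipv4 "$1" || { echo "add2bl: bad address '$1'" >&2; return 2; }
    tmp=$(mktemp "$BLACKLIST.XXXXXX") || return 1
    grep -vxF -- "$1" "$BLACKLIST" > "$tmp" || :   # grep exits 1 if nothing is left
    cat -- "$tmp" > "$BLACKLIST" && rm -f -- "$tmp" || return 1
    refresh_firewall
}
case "$#:$2" in
    0:*)   ;;                          # no arguments: only define the functions
    2:on)  blacklist_on  "$1" ;;
    2:off) blacklist_off "$1" ;;
    *)     echo "usage: $0 ADDRESS on|off" >&2; exit 2 ;;
esac
```

Hooking it into a monitor is then just a matter of running `add2bl ADDRESS on` from the monitor's alert action, with the address validation protecting the rules file from whatever the monitor passes along.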