[Shorewall-users] Blacklist

Charles J. Boening charlie@theboenings.com
Wed, 9 Jan 2002 08:36:27 -0800

Put this in a script called:   add2bl

   echo "$1" >> /etc/shorewall/blacklist; /etc/shorewall/firewall refresh

Then call it like this:

add2bl ip.add.ress.here

Could also call the script from other monitoring progs like snort or


-----Original Message-----
From: shorewall-users-admin@shorewall.net
[mailto:shorewall-users-admin@shorewall.net] On Behalf Of Jim Hubbard
Sent: Wednesday, January 09, 2002 7:09 AM
To: shorewall-users@shorewall.net
Subject: [Shorewall-users] Blacklist

Thanks for what seems to be a very good firewall.  I installed it last
night on my home router system, and even though I haven't really tweaked
it yet, every 'net based port scan I threw at it, like those at
http://scan.sygatetech.com/ and https://grc.com/x/ne.dll?bh0bkyd2,
couldn't even tell I was there (and this was with me initiating the
scans from a masq'd host behind the firewall).

A feature I'd like to see would be a command that would immediately add
or remove an ip or hostname to the blacklist and refresh the firewall.
Maybe something like "shorewall blacklist on" to add and
"shorewall blacklist off" to remove.  Just an idea.

Jim Hubbard

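A more defensive form of the add2bl script from the reply above, as an added example that is not part of the original messages: it accepts only a single dotted-quad IPv4 address and skips entries that are already listed, which matters when the script is driven by a monitoring program rather than typed by hand. The BLACKLIST and REFRESH environment overrides, the return codes and the IPv4-only restriction are assumptions of this example; the default paths are the ones used in the reply.

```shell
#!/bin/sh
# add2bl (defensive variant): validate the address, skip duplicates, refresh.
# Defaults are the paths from the reply above; the environment overrides are
# an assumption of this example so it can be exercised on a scratch file.
BLACKLIST="${BLACKLIST:-/etc/shorewall/blacklist}"
REFRESH="${REFRESH:-/etc/shorewall/firewall refresh}"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        # Reject empty input, any character other than digits and dots,
        # and leading, trailing or doubled dots (empty octets).
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Append the address to the blacklist unless it is already there.
# Returns 0 if added and refreshed, 1 if rejected, 2 if already listed.
add2bl() {
    is_ipv4 "$1" || { echo "add2bl: not an IPv4 address: $1" >&2; return 1; }
    if [ -f "$BLACKLIST" ] && grep -qxF "$1" "$BLACKLIST"; then
        return 2
    fi
    printf '%s\n' "$1" >> "$BLACKLIST" || return 1
    $REFRESH             # unquoted on purpose: command plus its argument
}

# Run only when called with an argument, e.g.: add2bl 192.0.2.10
[ $# -eq 0 ] || add2bl "$1"
```

Validating before the append keeps a malformed or multi-line alert field from a monitoring tool out of the blacklist file, and the duplicate check avoids a refresh when nothing changed.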