[Shorewall-users] IP blocking not working
Tom Eastep
2016-09-07 03:09:22 UTC
Sorry, I didn't answer your question.
Shorewall is letting those packets through because they are in the
"Established" or "Related" state. The rule you added is likely a rule to
match packets in the "NEW" state.
Flush your connections with the commands from my last email.
FYI, it helps to run that command a few times in a row.
Also be sure that the DROP rule is in the /etc/shorewall/blrules file or
that it is before any net->fw ACCEPT rules in /etc/shorewall/rules

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Grant
2016-09-07 11:58:57 UTC
Tom Eastep wrote:
> Shorewall is letting those packets through because they are in the
> "Established" or "Related" state. The rule you added is likely a rule to
> match packets in the "NEW" state.
> Flush your connections with the commands from my last email.
> FYI, it helps to run that command a few times in a row.
OK I'll remember conntrack-tools.
Tom Eastep wrote:
> Also be sure that the DROP rule is in the /etc/shorewall/blrules file or
> that it is before any net->fw ACCEPT rules in /etc/shorewall/rules
That could have been the problem too. I had the DROP rule at the
bottom of my rules file after various ACCEPT rules.

I've also just implemented nginx limit_req along with fail2ban to
automate this sort of thing.

- Grant
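The ordering problem described in both messages above (a DROP for a source address placed at the bottom of /etc/shorewall/rules, after net->fw ACCEPT lines, so it never matches) can be checked mechanically. The script below is an added example and is not code from either poster or from the Shorewall project: it writes two constructed rules files into a scratch directory, one with the DROP after the ACCEPTs and one with it first, and `check_drop_order` walks a rules file with awk and fails if any DROP from the net zone comes after the first net->fw ACCEPT. The address 192.0.2.10 is a documentation-range placeholder, and the column layout follows the usual Shorewall rules format (ACTION SOURCE DEST PROTO DPORT); run it against a real /etc/shorewall/rules to confirm the block sits early enough.

```shell
#!/bin/sh
# Added example (not from the thread): construct two Shorewall rules files
# and check whether a DROP for a blocked source precedes the first
# net->fw ACCEPT. Source address 192.0.2.10 is a constructed placeholder.

# Ordering Grant described: DROP at the bottom, after the ACCEPT lines.
# Existing and new connections hit the ACCEPTs first, so the DROP is dead.
write_bad_rules() {
  cat > "$1" <<'EOF'
#ACTION   SOURCE              DEST   PROTO  DPORT
ACCEPT    net                 $FW    tcp    22
ACCEPT    net                 $FW    tcp    80,443
DROP      net:192.0.2.10      $FW
EOF
}

# Corrected ordering: the DROP comes before any net->fw ACCEPT.
# (Putting the entry in /etc/shorewall/blrules instead achieves the same
# thing, since blrules are evaluated ahead of rules.)
write_good_rules() {
  cat > "$1" <<'EOF'
#ACTION   SOURCE              DEST   PROTO  DPORT
DROP      net:192.0.2.10      $FW
ACCEPT    net                 $FW    tcp    22
ACCEPT    net                 $FW    tcp    80,443
EOF
}

# Exit 0 if every DROP whose SOURCE is in the net zone appears before the
# first ACCEPT from net to $FW; exit 1 if a DROP is found after such an
# ACCEPT. Comment and blank lines are skipped.
check_drop_order() {
  awk '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    $1 == "ACCEPT" && $2 ~ /^net/ && $3 == "$FW" && !seen_accept { seen_accept = NR }
    $1 ~ /^DROP/   && $2 ~ /^net/ && seen_accept { late = 1 }
    END { exit late ? 1 : 0 }
  ' "$1"
}

# Demonstration on the two constructed files.
tmp=$(mktemp -d)
write_bad_rules "$tmp/rules.bad"
write_good_rules "$tmp/rules.good"
for f in "$tmp/rules.bad" "$tmp/rules.good"; do
  if check_drop_order "$f"; then
    echo "$f: DROP precedes net->fw ACCEPT (ok)"
  else
    echo "$f: DROP is after a net->fw ACCEPT and will not match"
  fi
done
rm -rf "$tmp"
```

Reordering the file only affects packets in the NEW state; connections already in the conntrack table stay "Established" and keep flowing, which is the first point in Tom's reply. After reloading Shorewall, existing entries for the blocked address have to be removed from the conntrack table as well; the conntrack-tools utility Grant mentions can do that (`conntrack -D -s ADDRESS` deletes entries matching a source address, `conntrack -F` flushes the whole table), and `shorewall show connections` lists what is still tracked so the result can be confirmed.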
