Shorewall Question
Charles Steinkuehler
charles at steinkuehler.net
Sat Aug 14 17:05:27 CDT 2004
Michael Pratt wrote:
> I want to block the entire Asian Pacific Network from my network. The
> reason is I keep getting virus attachments from this network and
> attempted relays from this network. This is the info.
>
> NetRange: 222.0.0.0 - 222.255.255.255
> CIDR: 222.0.0.0/8
> NetName: APNIC8
> NetHandle: NET-222-0-0-0-1
> Parent:
> NetType: Allocated to APNIC
> NameServer: NS1.APNIC.NET
> NameServer: NS3.APNIC.NET
> NameServer: NS4.APNIC.NET
> NameServer: NS.RIPE.NET
> NameServer: TINNIE.ARIN.NET
>
> This is what I put in my Shorewall config.
> DROP:info net:222.0.0.0/8 fw tcp - - - - -
> I am obviously setting something wrong because they are still getting in.
>
> Can you help me out?
What shorewall file are you putting the above in? I suspect it's the
"rules" file, but it helps to be sure.

I think your problem is with the destination. If you mean to filter
*ONLY* traffic to your firewall, you should use $FW to indicate the
firewall (not fw, as you have above, but maybe fw is a zone you created
or something)...depending on your setup, you might need to use all or
multiple zones for the destination. Without seeing more of your
shorewall config, it's hard to tell what you've done wrong.

--
Charles Steinkuehler
charles at steinkuehler.net