On Sep 30, 2011, at 3:55 PM, Mr Dash Four wrote:
>
>> Okay -- then let's do this:
>>
>> a) Add DropSmurfs and TCPFlags actions that do the same thing as the interface options 'nosmurfs' and 'TCPFlags' respectively.
>> b) Simply put your blacklist entries in the ALL section of the rules file.
>>
>> This way, you can have dozens of blacklists and invoke them as appropriate.
>>
>> You would implement each blacklist as an action, so that CONTINUE would work like 'whitelist'.
>>
>> After all blacklist/whitelist processing, you could invoke DropSmurfs and/or TCPFlags if desired.
>>
>> We don't need a 'maclist' action since maclist processing can be trivially implemented in rules already.
>>
> I don't see why I should be mixing up blacklist/whitelist entries with
> what I have implemented in the rules file, let alone messing up with
> unnecessary actions, CONTINUEs and the like. For what? Who is going to
> maintain that - you, perhaps?
>
> We've been through this before, haven't we - if you can't be arsed
> implementing a proper blacklist, then why didn't you just say so from
> the beginning (it is perfectly OK!), so that I don't continue wasting my
> time making "complex" requests or ask "difficult" questions?
It's settled then -- blacklisting will remain as it is.
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel