LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-22-2012, 06:48 PM   #1
suChris
Member
 
Registered: Nov 2009
Distribution: Slackware 13
Posts: 56

Rep: Reputation: 15
Shorewall Blacklisting help


Greetings

I have been trying to blacklist some IP addresses on my 13.37 slackware setup on my home laptop.

Here is what I have on each of my configuration files of shorewall:

/etc/shorewall/interfaces:
Code:
#ZONE	INTERFACE	BROADCAST	OPTIONS
net      wlan0           detect		blacklist,dhcp
net	 eth0		 detect		blacklist,dhcp
/etc/shorewall/zones:
Code:
#ZONE	TYPE		OPTIONS		IN			OUT
#					OPTIONS			OPTIONS
fw	firewall
net	ipv4
/etc/shorewall/policy:
Code:
#SOURCE		DEST		POLICY		LOG	LIMIT:		CONNLIMIT:
#						LEVEL	BURST		MASK
fw     		net             ACCEPT
net             all             DROP		info
all		all		REJECT		info
/etc/shorewall/shorewall.conf
Code:
###############################################################################
#
#  Shorewall Version 4 -- /etc/shorewall/shorewall.conf
#
#  For information about the settings in this file, type "man shorewall.conf"
#
#  Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
###############################################################################
#		       S T A R T U P   E N A B L E D
###############################################################################

STARTUP_ENABLED=Yes

###############################################################################
#		              V E R B O S I T Y
###############################################################################

VERBOSITY=1

###############################################################################
#		                L O G G I N G
###############################################################################

BLACKLIST_LOGLEVEL=

LOG_MARTIANS=Yes

LOG_VERBOSITY=2

LOGALLNEW=

LOGFILE=/var/log/messages

LOGFORMAT="Shorewall:%s:%s:"

LOGTAGONLY=No

LOGLIMIT=

MACLIST_LOG_LEVEL=info

RELATED_LOG_LEVEL=

SFILTER_LOG_LEVEL=info

SMURF_LOG_LEVEL=info

STARTUP_LOG=/var/log/shorewall-init.log

TCP_FLAGS_LOG_LEVEL=info

###############################################################################
#	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
###############################################################################

CONFIG_PATH="/etc/shorewall:/usr/share/shorewall"

IPTABLES=/usr/local/sbin/iptables

IP=/sbin/ip

IPSET=/usr/sbin/ipset

MODULESDIR=

PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"

PERL=/usr/bin/perl

RESTOREFILE=restore

SHOREWALL_SHELL=/bin/sh

SUBSYSLOCK=/var/lock/subsys/shorewall

TC=

###############################################################################
#		D E F A U L T   A C T I O N S / M A C R O S
###############################################################################

ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject

###############################################################################
#                        R S H / R C P  C O M M A N D S
###############################################################################

RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'

###############################################################################
#			F I R E W A L L	  O P T I O N S
###############################################################################

ACCOUNTING=Yes

ACCOUNTING_TABLE=filter

ADD_IP_ALIASES=No

ADD_SNAT_ALIASES=No

ADMINISABSENTMINDED=Yes

AUTO_COMMENT=Yes

AUTOMAKE=No

BLACKLISTNEWONLY=Yes

CLAMPMSS=No

CLEAR_TC=Yes

COMPLETE=No

DELETE_THEN_ADD=Yes

DETECT_DNAT_IPADDRS=No

DISABLE_IPV6=No

DONT_LOAD=

DYNAMIC_BLACKLIST=Yes

EXPAND_POLICIES=Yes

EXPORTMODULES=Yes

FASTACCEPT=No

FORWARD_CLEAR_MARK=

IMPLICIT_CONTINUE=No

IP_FORWARDING=On

KEEP_RT_TABLES=No

LEGACY_FASTSTART=Yes

LOAD_HELPERS_ONLY=No

MACLIST_TABLE=filter

MACLIST_TTL=

MANGLE_ENABLED=Yes

MAPOLDACTIONS=No

MARK_IN_FORWARD_CHAIN=No

MODULE_SUFFIX=ko

MULTICAST=No

MUTEX_TIMEOUT=60

NULL_ROUTE_RFC1918=No

OPTIMIZE=0

OPTIMIZE_ACCOUNTING=No

REQUIRE_INTERFACE=No

RESTORE_DEFAULT_ROUTE=Yes

RETAIN_ALIASES=No

ROUTE_FILTER=No

SAVE_IPSETS=No

TC_ENABLED=Internal

TC_EXPERT=No

TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"

TRACK_PROVIDERS=No

USE_DEFAULT_RT=No

USE_PHYSICAL_NAMES=No

ZONE2ZONE=2

###############################################################################
#			P A C K E T   D I S P O S I T I O N
###############################################################################

BLACKLIST_DISPOSITION=REJECT

MACLIST_DISPOSITION=REJECT

RELATED_DISPOSITION=ACCEPT

SMURF_DISPOSITION=DROP

SFILTER_DISPOSITION=DROP

TCP_FLAGS_DISPOSITION=DROP

################################################################################
#			P A C K E T  M A R K  L A Y O U T
################################################################################

TC_BITS=

PROVIDER_BITS=

PROVIDER_OFFSET=

MASK_BITS=

ZONE_BITS=0

################################################################################
#                            L E G A C Y  O P T I O N
#                      D O  N O T  D E L E T E  O R  A L T E R
################################################################################

IPSECFILE=zones
/etc/shorewall/blacklist:
Code:
#ADDRESS/SUBNET		PROTOCOL	PORT	OPTIONS
XXX.XXX.XXX.XXX
Where X are random numbers of an IP address of any site I want to block out.

I start shorewall:
Code:
root@slack:/etc/shorewall# shorewall restart
Compiling...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Invalid for chain Invalid...
Compiling /usr/share/shorewall/action.NotSyn for chain NotSyn...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Compiling /etc/shorewall/policy...
Compiling /etc/shorewall/notrack...
Running /etc/shorewall/initdone...
Compiling /etc/shorewall/blacklist...
Adding rules for DHCP
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling MAC Filtration -- Phase 1...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting Shorewall....
Initializing...
Processing /etc/shorewall/init ...
Processing /etc/shorewall/tcclear ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /usr/local/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing /etc/shorewall/start ...
Processing /etc/shorewall/started ...
done.
And then run this command to see if there is anything blacklisted:
Code:
root@slack:/etc/shorewall# shorewall list blacklst
Shorewall 4.4.27 Chain blacklst at slack - Mon Jan 23 02:15:44 EET 2012

Counters reset Mon Jan 23 02:14:19 EET 2012

Chain blacklst (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     all  --  *      *       XXX.XXX.XXX.XXX      0.0.0.0/0
But when I try to visit this IP from my web browser I can still get in. What am I doing wrong?

Thanks in advance

Last edited by XavierP; 01-23-2012 at 12:12 PM. Reason: Moved to Linux-Security
 
Old 01-23-2012, 10:23 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,934

Rep: Reputation: Disabled
I'm no expert on shorewall, but your rule seems to block traffic from the IP address in question (source), not traffic going to it.
 
  


Reply

Tags
blacklist, firewall, shorewall


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Using Rsyslog to redirect Shorewall messages but Shorewall is not a facility dman777 Linux - Software 2 01-02-2011 01:37 PM
pkgtool and blacklisting em21701 Slackware 1 01-28-2009 06:04 PM
Blacklisting dad Mandriva 1 07-01-2008 02:23 AM
shorewall config question with /etc/shorewall/rules peter72 Linux - Networking 3 01-01-2007 09:33 PM
Blacklisting hardware?? Jeebizz Slackware 11 01-20-2005 12:59 AM


All times are GMT -5. The time now is 05:08 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration