On 01/24/2014 08:50 PM, John Griffiths wrote:
> Is there a HOWTO for using direct chain to add to the drop zone
> dynamically? Or am I on the wrong track?

We do not have support for direct chains/rules within zones right now.
You can use the direct interface to add rules also to zones. It is not
forbidden, but you have to take care that you are not damaging other
rules by doing so.

> I want to dynamically add IPs to the firewall to drop. I run a script
> that parses log files to find IPs that are abusing the system and drop
> them. Currently I am stuck on Fedora 16 on the active server because of
> familiarity with iptables. I really want to move to Fedora 20, but I
> need to adapt my script to use firewalld before I do.
> I'll be glad to read the documentation, but a hand up and a point in the
> right direction would be appreciated.
> Regards,
> John
On 01/24/2014 09:24 AM, Thomas Woerner wrote:
> On 01/24/2014 03:10 PM, John Griffiths wrote:
>> In August of last year, I was told on the list to use ipsets to add ips
>> to the drop list.
>>
>> Seeing all the traffic on direct chain, should I be going this direction
>> now?
>>
> It is good to go in this direction for separation, but it is not a
> requirement.
>
> I will be having a look at network address sets (ipset) support in
> firewalld again. I am also thinking about the possibility to support
> externally generated ipsets.
>
>> Regards,
>> John
>> _______________________________________________
>> firewalld-users mailing list
>> firewalld-users(a)lists.fedorahosted.org
>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users
> Regards,
> Thomas
Regards,
Thomas
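
A sketch of the log-to-drop workflow discussed in this thread, added here as an example and not code from either poster or from the firewalld project. It assumes sshd-style "Failed password" lines, a threshold of three failures, a hypothetical direct chain named `blocklist` and an allowlisted admin network; it only builds the `firewall-cmd --direct` commands so they can be reviewed before anything is run.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd-style sample lines; all addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 24 09:01:02 host sshd[1001]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 24 09:01:05 host sshd[1001]: Failed password for root from 203.0.113.7 port 40113 ssh2
Jan 24 09:01:09 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Jan 24 09:02:11 host sshd[1002]: Failed password for john from 198.51.100.20 port 51000 ssh2
Jan 24 09:03:00 host sshd[1003]: Failed password for root from 192.0.2.10 port 2200 ssh2
Jan 24 09:03:01 host sshd[1003]: Failed password for root from 192.0.2.10 port 2201 ssh2
Jan 24 09:03:02 host sshd[1003]: Failed password for root from 192.0.2.10 port 2202 ssh2
Jan 24 09:04:00 host sshd[1004]: Failed password for root from 999.1.1.1 port 1 ssh2
"""

# Greedy ".*" anchors on the last " from <addr> port <n>" in the line, so a
# crafted user name containing " from 10.0.0.1 port 1" cannot pick the target.
FAILED = re.compile(r"Failed password for .* from (\S+) port \d+")
CHAIN = "blocklist"                                 # hypothetical chain name
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]  # assumed admin network

def offenders(log_text, threshold=3):
    """Return sorted IPv4 addresses with >= threshold failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.IPv4Address(match.group(1))  # rejects junk like 999.1.1.1
        except ValueError:
            continue
        if not any(ip in net for net in ALLOWLIST):  # never block ourselves
            counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def firewall_cmds(ips):
    """Build firewall-cmd argv lists; drops live in their own chain."""
    base = ["firewall-cmd", "--direct"]
    cmds = [base + ["--add-chain", "ipv4", "filter", CHAIN],
            base + ["--add-rule", "ipv4", "filter", "INPUT", "0", "-j", CHAIN]]
    for ip in ips:
        cmds.append(base + ["--add-rule", "ipv4", "filter", CHAIN, "0",
                            "-s", str(ip), "-j", "DROP"])
    return cmds

if __name__ == "__main__":
    for argv in firewall_cmds(offenders(SAMPLE_LOG)):
        print(" ".join(argv))  # dry run: print instead of executing
```

Keeping the drops in a separate chain leaves the rest of the rule set untouched, which addresses the caution above about not damaging other rules.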