Is there a HOWTO for using direct chain to add to the drop zone
dynamically? Or am I on the wrong track?
I want to dynamically add IPs to the firewall to drop. I run a script
that parses log files to find IPs that are abusing the system and drop
them. Currently I am stuck on Fedora 16 on the active server because of
familiarity with iptables. I really want to move to Fedora 20, but I
need to adapt my script to use firewalld before I do.
I'll be glad to read the documentation, but a hand up and a point in the
right direction would be appreciated.
Regards,
John
On 01/24/2014 09:24 AM, Thomas Woerner wrote:
On 01/24/2014 03:10 PM, John Griffiths wrote:
> In August of last year, I was told on the list to use ipsets to add ips
> to the drop list.
>
> Seeing all the traffic on direct chain, should I be going this direction
> now?
>
It is good to go in this direction for separation, but it is not a
requirement.
I will be having a look at network address sets (ipset) support in
firewalld again. I am also thinking about the possibility to support
externally generated ipsets.
> Regards,
> John
> _______________________________________________
> firewalld-users mailing list
> firewalld-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/firewalld-users
Regards,
Thomas
_______________________________________________
firewalld-users mailing list
firewalld-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/firewalld-users