Is there a HOWTO for using direct chain to add to the drop zone dynamically? Or am I on the wrong track?
I want to dynamically add IPs to the firewall to drop. I run a script that parses log files to find IPs that are abusing the system and drop them. Currently I am stuck on Fedora 16 on the active server because of familiarity with iptables. I really want to move to Fedora 20, but I need to adapt my script to use firewalld before I do.
I'll be glad to read the documentation, but a hand up and a point in the right direction would be appreciated.
Regards, John
On 01/24/2014 09:24 AM, Thomas Woerner wrote:
On 01/24/2014 03:10 PM, John Griffiths wrote:
In August of last year, I was told on the list to use ipsets to add IPs to the drop list.
Seeing all the traffic on direct chain, should I be going this direction now?
It is good to go in this direction for separation, but it is not a requirement.
I will be having a look at network address sets (ipset) support in firewalld again. I am also thinking about the possibility to support externally generated ipsets.
Regards, John
_______________________________________________
firewalld-users mailing list
firewalld-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/firewalld-users
Regards, Thomas
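Added example, not part of the thread and not code from either poster or the firewalld project: one way a log-parsing script could feed a dedicated firewalld direct chain, kept separate from the other rules. The chain name `abuse_drop`, the threshold, and the sshd-style log format are assumptions, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example; CHAIN, THRESHOLD and the log format are assumptions.
CHAIN="${CHAIN:-abuse_drop}"   # hypothetical chain name
THRESHOLD="${THRESHOLD:-3}"    # failures before an address is dropped
DRY_RUN="${DRY_RUN:-1}"        # 1 = print the firewall-cmd calls, 0 = run them

# Constructed sample input; addresses are from the documentation ranges.
sample_log() {
cat <<'EOF'
Jan 24 09:01:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Jan 24 09:01:03 host sshd[102]: Failed password for root from 203.0.113.7 port 4002 ssh2
Jan 24 09:01:05 host sshd[103]: Failed password for admin from 203.0.113.7 port 4003 ssh2
Jan 24 09:02:00 host sshd[104]: Failed password for bob from 198.51.100.9 port 5001 ssh2
Jan 24 09:03:00 host sshd[105]: Failed password for invalid user a from 192.0.2.1 from 999.1.1.1 port 6001 ssh2
Jan 24 09:03:01 host sshd[106]: Failed password for invalid user a from 192.0.2.1 from 999.1.1.1 port 6002 ssh2
Jan 24 09:03:02 host sshd[107]: Failed password for invalid user a from 192.0.2.1 from 999.1.1.1 port 6003 ssh2
EOF
}

# Count failures per source. Anchor on the fixed tail "from IP port N proto":
# the user name field is remote-controlled text and must not be parsed for IPs.
abusive_ips() {
  awk -v t="$THRESHOLD" '
    /Failed password/ && NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
    END { for (ip in n) if (n[ip] >= t) print ip }' | sort
}

# Strict dotted-quad check so nothing else from a log reaches the command line.
valid_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# Print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@" </dev/null; fi; }

# Create the chain, jump to it from INPUT, then add one DROP rule per address on stdin.
block_ips() {
  run firewall-cmd --direct --add-chain ipv4 filter "$CHAIN"
  run firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j "$CHAIN"
  while read -r ip; do
    valid_ipv4 "$ip" || continue
    run firewall-cmd --direct --add-rule ipv4 filter "$CHAIN" 0 -s "$ip" -j DROP
  done
}

sample_log | abusive_ips | block_ips
```

Direct rules added without `--permanent` exist only in the runtime configuration and are gone after a firewalld reload or restart, so a script like this has to re-apply them.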