Add 'logdrop' and 'logreject' commands for dynamic blacklisting with logging

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3716 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-03-23 16:47:07 +00:00 · 2006-03-23 16:47:07 +00:00 · fd4db81725
commit fd4db81725
parent f0372d9209
2 changed files with 48 additions and 2 deletions
--- a/docs/blacklisting_support.xml
+++ b/docs/blacklisting_support.xml
@ -15,10 +15,10 @@
      </author>
    </authorgroup>

-    <pubdate>2005-08-28</pubdate>
+    <pubdate>2006-03-23</pubdate>

    <copyright>
-      <year>2002-2005</year>
+      <year>2002-2006</year>

      <holder>Thomas M. Eastep</holder>
    </copyright>
@ -191,6 +191,27 @@ ipset -B Blacklist 206.124.146.177 -b SMTP</programlisting>
      </listitem>
    </itemizedlist>

+    <para>If you are running Shorewall 3.2.0 Beta2 or later, there are two
+    additional commands:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>logdrop <emphasis>&lt;ip address list&gt;</emphasis> - causes
+        packets from the listed IP addresses to be dropped and logged by the
+        firewall. Logging will occur at the level specified by the
+        BLACKLIST_LOGLEVEL setting at the last [re]start (logging will be at
+        the 'info' level if no BLACKLIST_LOGLEVEL was given).</para>
+      </listitem>
+
+      <listitem>
+        <para>logreject <emphasis>&lt;ip address list&gt;</emphasis> - causes
+        packets from the listed IP addresses to be rejected and logged by the
+        firewall. Logging will occur at the level specified by the
+        BLACKLIST_LOGLEVEL setting at the last [re]start (logging will be at
+        the 'info' level if no BLACKLIST_LOGLEVEL was given).</para>
+      </listitem>
+    </itemizedlist>
+
    <para>Dynamic blacklisting is not dependent on the
    <quote>blacklist</quote> option in
    <filename>/etc/shorewall/interfaces</filename>.</para>
--- a/docs/starting_and_stopping_shorewall.xml
+++ b/docs/starting_and_stopping_shorewall.xml
@ -843,6 +843,18 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term>logdrop</term>
+
+        <listitem>
+          <para><command>shorewall logdrop &lt;address&gt;
+          ...</command></para>
+
+          <para>Causes packets from the specified
+          &lt;<emphasis>address</emphasis>&gt; to be ignored and logged</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term>logwatch</term>

@ -857,6 +869,19 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term>logreject</term>
+
+        <listitem>
+          <para><command>shorewall logreject &lt;address&gt;
+          ...</command></para>
+
+          <para>Causes packets from the specified
+          &lt;<emphasis>address</emphasis>&gt; to be rejected and
+          logged</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term>refresh</term>