From fd4db81725a02fd19f5bf151c5eb32590f839be5 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Thu, 23 Mar 2006 16:47:07 +0000
Subject: [PATCH] Add 'logdrop' and 'logreject' commands for dynamic
 blacklisting with logging

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3716 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 docs/blacklisting_support.xml            | 25 ++++++++++++++++++++++--
 docs/starting_and_stopping_shorewall.xml | 25 ++++++++++++++++++++++++
 2 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/docs/blacklisting_support.xml b/docs/blacklisting_support.xml
index 0bc157217..5bfa95128 100644
--- a/docs/blacklisting_support.xml
+++ b/docs/blacklisting_support.xml
@@ -15,10 +15,10 @@
       </author>
     </authorgroup>
 
-    <pubdate>2005-08-28</pubdate>
+    <pubdate>2006-03-23</pubdate>
 
     <copyright>
-      <year>2002-2005</year>
+      <year>2002-2006</year>
 
       <holder>Thomas M. Eastep</holder>
     </copyright>
@@ -191,6 +191,27 @@ ipset -B Blacklist 206.124.146.177 -b SMTP</programlisting>
       </listitem>
     </itemizedlist>
 
+    <para>If you are running Shorewall 3.2.0 Beta2 or later, there are two
+    additional commands:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>logdrop <emphasis>&lt;ip address list&gt;</emphasis> - causes
+        packets from the listed IP addresses to be dropped and logged by the
+        firewall. Logging will occur at the level specified by the
+        BLACKLIST_LOGLEVEL setting at the last [re]start (logging will be at
+        the 'info' level if no BLACKLIST_LOGLEVEL was given).</para>
+      </listitem>
+
+      <listitem>
+        <para>logreject <emphasis>&lt;ip address list&gt;</emphasis> - causes
+        packets from the listed IP addresses to be rejected and logged by the
+        firewall. Logging will occur at the level specified by the
+        BLACKLIST_LOGLEVEL setting at the last [re]start (logging will be at
+        the 'info' level if no BLACKLIST_LOGLEVEL was given).</para>
+      </listitem>
+    </itemizedlist>
+
     <para>Dynamic blacklisting is not dependent on the
     <quote>blacklist</quote> option in
     <filename>/etc/shorewall/interfaces</filename>.</para>
diff --git a/docs/starting_and_stopping_shorewall.xml b/docs/starting_and_stopping_shorewall.xml
index fe2b097d5..68045e7bf 100644
--- a/docs/starting_and_stopping_shorewall.xml
+++ b/docs/starting_and_stopping_shorewall.xml
@@ -843,6 +843,18 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>logdrop</term>
+
+        <listitem>
+          <para><command>shorewall logdrop &lt;address&gt;
+          ...</command></para>
+
+          <para>Causes packets from the specified
+          &lt;<emphasis>address</emphasis>&gt; to be ignored and logged</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>logwatch</term>
 
@@ -857,6 +869,19 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>logreject</term>
+
+        <listitem>
+          <para><command>shorewall logreject &lt;address&gt;
+          ...</command></para>
+
+          <para>Causes packets from the specified
+          &lt;<emphasis>address</emphasis>&gt; to be rejected and
+          logged</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>refresh</term>