[Shorewall-users] Is is possible to do "shorewall reject 1.1.1.1 tcp 25"

Ben Greiner bgreiner at uni-koeln.de
Sat Feb 12 10:26:42 PST 2005


On 12.02.2005 05:24, Alex Martin wrote:

> Ben Greiner wrote:
>
>> I didn't try it, but what I would do is:
>>
>> - creating a new zone, let's say "rsmtp"
>>
>> - creating a rule that for hosts in this zone smtp access should be 
>> rejected
>>
>> - dynamically adding hosts to this zone via shorewall add
>
>
> Great idea!
>
> I guess, then, is there a way to extract the hosts that have been 
> dynamically added to this zone, so I could populate a static list that 
> could be used for the blacklist file when I do a shorewall restart?
>

shorewall show zones

For a different purpose, I use php to format the output. This looks like 
the following function. The global var $shorewall__zones is an array of 
zone names which I would like to have in the output of the function, set 
in my config files. The function returns an array of these zones, where 
each zone itself is represented by an array of the hosts in it.

function shorewall__read_zones() {
        global $shorewall__zones;

        // Run "shorewall show zones" and collect its output lines
        exec('sudo /sbin/shorewall show zones', $zonestext, $rvar);
        $zone = null; $zones = array();
        foreach ($zonestext as $entry) {
                // Indented lines are members of the current zone,
                // non-indented lines start a new zone
                if (substr($entry, 0, 1) == " ") {
                        if ($zone !== null) $zones[$zone][trim($entry)] = true;
                } else {
                        $zone = trim($entry);
                }
        }
        // Keep only the zones listed in $shorewall__zones
        $realzones = array();
        foreach ($zones as $zname => $zarray) {
                if (in_array($zname, $shorewall__zones)) $realzones[$zname] = $zarray;
        }
        return $realzones;
}

/ben
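The same parse, carried one step further to the static blacklist entries Alex asked about, as an added example (not code from this thread or from Shorewall). It is written in Python rather than the PHP above and assumes the output convention the PHP relies on: zone names at column 0, members indented, each member optionally prefixed with `iface:`. The sample output, the header line, the `rsmtp` zone and its addresses are constructed for the example, and the `ADDRESS PROTOCOL PORT` line shape is the assumed blacklist file layout; IPv4 addresses only.

```python
# Constructed sample of "shorewall show zones" output (assumption: a header
# line and zone names at column 0, zone members indented, members possibly
# prefixed with the interface they were added on).
SAMPLE_OUTPUT = """\
Shorewall Zones at gateway - Sat Feb 12 10:00:00 PST 2005

net
   eth0:0.0.0.0/0
loc
   eth1:10.0.0.0/8
rsmtp
   eth0:192.0.2.10
   eth0:192.0.2.11
   198.51.100.7
"""


def parse_show_zones(text):
    """Return {zone: [member, ...]} using the column-0 / indented convention.

    Blank lines are skipped; an indented line before any zone name is
    ignored instead of being filed under an empty zone key.
    """
    zones = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if current is not None:
                zones[current].append(line.strip())
        else:
            current = line.strip()
            zones.setdefault(current, [])
    return zones


def members_of(zones, wanted):
    """Keep only the configured zones, like the in_array filter in the PHP."""
    return {z: zones.get(z, []) for z in wanted}


def host_part(member):
    """Strip an optional "iface:" prefix; keep the address or subnet (IPv4)."""
    return member.rsplit(':', 1)[-1]


def blacklist_lines(zones, zone, proto='tcp', port='25'):
    """Render static entries (ADDRESS PROTOCOL PORT, tab separated) for one
    zone, so the dynamically added hosts survive a shorewall restart."""
    return ["%s\t%s\t%s" % (host_part(m), proto, port)
            for m in zones.get(zone, [])]


if __name__ == '__main__':
    parsed = parse_show_zones(SAMPLE_OUTPUT)
    print('\n'.join(blacklist_lines(parsed, 'rsmtp')))
```

In practice the text would come from `exec`/`subprocess` running `shorewall show zones`, and the rendered lines would be appended to the blacklist file before the restart; the header line ends up as a zone key after parsing, which is why the configured-zone filter is applied before anything is written out.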
