Re: [Fwbuilder-discussion] single-entry add/delete of IPSET lists? external IPSET files?
From: Ben DJ <ben...@gm...> - 2010-08-03 03:07:35
On Mon, Aug 2, 2010 at 7:19 PM, Vadim Kurland <va...@vk...> wrote:
> Hi Ben,
> I have this in the latest build of 4.1. Here is what I've done:
> - if you leave file name blank in the run-time Address Table object,
> generated script will use the ipset but will not try to load addresses from
> the data file. Management of the set is left for the administrator to do
> outside of the fwbuilder script.

I created two RunTime AddressTables, with NO filename, named "GEO_IP" & "GEO_CIDR".

I created a Rule (#7) in FWB (how do we cut-n-paste a single Rule from the GUI for 'sharing' in lists?):

Source: GEO_IP, GEO_CIDR
Destination: Any
Service: Any
Interface: All
Direction: Inbound
Action: DENY

When I try to compile the rule, I get:

fw_linode / Policy / rule 7
$IPTABLES -N In_RULE_7
$IPTABLES -A INPUT -m set --set GEO_CIDR src -j In_RULE_7
# fw_linode:Policy:7: error: File not found for Address Table: GEO_IP () Using dummy address in test mode
$IPTABLES -A INPUT -s 192.0.2.0/24 -j In_RULE_7
$IPTABLES -A FORWARD -i + -m set --set GEO_CIDR src -j In_RULE_7
# fw_linode:Policy:7: error: File not found for Address Table: GEO_IP () Using dummy address in test mode
$IPTABLES -A FORWARD -i + -s 192.0.2.0/24 -j In_RULE_7
$IPTABLES -A In_RULE_7 -j LOG --log-level error --log-prefix "RULE 7 -- DENY "
$IPTABLES -A In_RULE_7 -j DROP

Of course, @compile fw, I get a 'fail' with Fatal Error.

Ben
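Vadim's reply above says that with a blank file name the generated script only references the ipset and leaves populating it to the administrator. The script below is an added example of that external step; it is not code from this thread or from fwbuilder. It takes a set name and a plain-text list of IPv4 CIDRs (one per line, `#` comments allowed), validates each entry, and prints the `ipset create`/`ipset add` commands so they can be reviewed before being piped into `sh`. The set name GEO_CIDR matches the post; the list file contents are constructed for illustration. The generated rule in the post uses `-m set --set GEO_CIDR src`; on current iptables the same match is spelled `--match-set`, so the set only has to exist under that name before the firewall script runs.

```sh
#!/bin/sh
# Added example (not from the thread or fwbuilder): load an ipset from a
# CIDR list maintained outside the fwbuilder-generated script.

# Return 0 only for dotted-quad IPv4 with an optional /0-32 prefix.
# Rejecting malformed entries here keeps a typo in the list from turning
# into an ipset error (or, worse, a silently too-wide match) at load time.
valid_cidr() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    # Split the address on dots and check every octet is <= 255.
    IFS=.
    set -- $addr
    unset IFS
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ipset commands for one set. Invalid lines are reported on
# stderr and skipped; -exist makes the commands safe to re-run.
emit_ipset_load() {
    set_name=$1
    list_file=$2
    printf 'ipset create %s hash:net -exist\n' "$set_name"
    while IFS= read -r line; do
        entry=${line%%#*}                        # strip trailing comment
        entry=$(printf '%s' "$entry" | tr -d ' \t')
        [ -z "$entry" ] && continue
        if valid_cidr "$entry"; then
            printf 'ipset add %s %s -exist\n' "$set_name" "$entry"
        else
            printf 'skipping invalid entry: %s\n' "$entry" >&2
        fi
    done < "$list_file"
    return 0
}

# Usage (constructed sample list):
#   printf '203.0.113.0/24\n198.51.100.7\n' > geo_cidr.txt
#   emit_ipset_load GEO_CIDR geo_cidr.txt | sh
```

Running the generator before the fwbuilder script, and piping its output into `sh` only after reviewing it, gives the ordering Vadim describes: the set exists and is populated when `-m set --set GEO_CIDR src` is evaluated, while fwbuilder itself never touches the list file.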