Add support for blocking subnets in firewall backends.

Merged
#31 · Created  · Last updated

Merged pull request

Add support for blocking subnets in firewall backends.

  • 05477fc
  • Author:
  • Closed by:
  • 2017-08-19

Description

Defaults to blocking single addresses. Configurable with new IPV6_SUBNET and IPV4_SUBNET configuration options.

Also introduce two new flag options, -N and -n, to pass subnet sizes to backend but these are undocumented in favor of config files.

FirewallD backend uses ipset command to flush rather than recreate the ipset with FirewallD tools. Reloads firewall configuration less often.

Partially resolves issue #69. Subnet based attack source matching not included in this work, only blocking.

0 attachments

Loading commits...