Update shorewall.conf

add more options to shorewall and enable the use of ipset
2025-06-05 11:09:21 +02:00 · 2025-06-05 11:09:21 +02:00 · c9f008aac7
parent cfa3356e0f
commit c9f008aac7
1 changed files with 7 additions and 3 deletions
--- a/config/action.d/shorewall.conf
+++ b/config/action.d/shorewall.conf
@ -12,7 +12,11 @@
 # file should be modified with "BLACKLISTNEWONLY=No". Note that as of
 # Shorewall 4.5.13 BLACKLISTNEWONLY is deprecated; however the equivalent
 # of BLACKLISTNEWONLY=No can now be achieved by setting BLACKLIST="ALL".
-# 
+# you can check the list using "shorewall show bl"
+#
+# Enabling using ipset for shorewall on a single list is a more easy and more efective
+# change blocktype = blacklist
+# enable on shorewall.comf to "DYNAMIC_BLACKLIST=ipset,disconnect,timeout=0"  

 [Definition]

@ -60,9 +64,9 @@ family =

 # Option:  blocktype
 # Note:    This is what the action does with rules.
-#          See man page of shorewall for options that include drop, logdrop, reject, or logreject
+#          See man page of shorewall for options that include drop, logdrop, reject, blacklist, or logreject
 # Values:  STRING
-blocktype = reject
+blocktype = blacklist

 [Init?family=inet6]