This question might be easier to answer if I actually knew what I was talking about...
OS Ubuntu 9.04
Anyway;
I recently installed the Shorewall firewall and have it configured and working (at a basic level), but when I run the command
Code:
shorewall show capabilities
I get the following output;
Code:
root@localhost:/# shorewall show capabilities
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Not available
New Connection Tracking Match Syntax: Not available
Packet Type Match: Not available
Policy Match: Not available
Physdev Match: Not available
Physdev-is-bridged Support: Not available
Packet length Match: Available
IP range Match: Not available
Recent Match: Not available
Owner Match: Not available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Not available
IPP2P Match: Not available
CLASSIFY Target: Not available
Extended REJECT: Available
Repeat match: Not available
MARK Target: Not available
Mangle FORWARD Chain: Available
Comments: Not available
Address Type Match: Not available
TCPMSS Match: Available
Hashlimit Match: Not available
NFQUEUE Target: Not available
Ok, most of that list is no concern to me at the moment because, well I don't know what half of it is and one thing at a time, but
IP range Match: Not available
This is an issue, and http://www.shorewall.net/configuration_file_basics.htm#IPRanges is only helpful if it says 'Available', so I have done a lot of reading, and lots of references refer to the kernel and a need to initiate kernel / iptables range ability via some 'menu', setting to 'M', and I think this might occur during the OS install process?
Question;
How can I 'enable IP range'?
Obviously banning a dynamic IP block one IP at a time is not practical.
By the way, as for firewalls and the VPS, Shorewall was by far the easiest to get up and running, and after installing Webmin the task of administration is a lot simpler and less terminal-intensive!