quick blacklist and blacklist do not work, other fw rules (user rules) works perfectly

[ecomstation]

Hi,

blacklisting an IP has no effect: e.g. "blacklist.cnf" MANUAL<177.19.235.111>0001 Source = "177.19.235.111", Direction = Bidirectional, DNS-Lookup-Info = "177.19.235.111.static.gvt.net.br"

IP configuration:

'@ifconfig lan0 'srv1_ip' netmask 255.255.255.248' '@ifconfig lan0 'srv1_ip3' netmask 255.255.255.0 alias' '@ifconfig lan1 'srv1_ip2' netmask 255.255.255.248' '@ifconfig lo 127.0.0.1' '@ifconfig lan0 mtu 1500' '@ifconfig lan1 mtu 1500' '@route add default 'router_ip' -hopcount 1'

protocol.ini

[PROT_MAN]

DRIVERNAME = PROTMAN$

[IBMLXCFG]

fxwrap_nif = fxwrap.nif tcpip_nif = tcpip.nif IBMGU_nif = IBMGU.NIF B57_nif = B57.nif

[fxwrap_nif]

DriverName = FXWRAP1$ Bindings = IBMGU_nif

[FXWRAP_NIF2]

DriverName = FXWRAP2$ Bindings = B57_nif

[tcpip_nif]

DriverName = TCPIP$ Bindings = FXWRAP_nif,FXWRAP_nif2

[IBMGU_nif]

DriverName = IBMGU$ RXBUFFERS = 64 RxBufferSize = 8192 TXBUFFERS = 32 TxBufferSize = 8192

[B57_nif]

DriverName = B57$

config.sys FW's part:

DEVICE=C:\IBMCOM\MACS\IBMGU.OS2 DEVICE=C:\IBMCOM\PROTOCOL\FXWRAP.SYS

DEVICE=C:\IBMCOM\MACS\B57.OS2 DEVICE=C:\IBMCOM\PROTOCOL\FXWRAP.SYS

FW setup:

sec-level: LEVEL5 Allow by nat: ON stealth: off firewall logging: ON dyn fw feat: OFF (if i turn it on i've other problems, see ticket 9) safe mail: off traffic shaping: off

let me know if you need other info configuration sent by email

massimo

[SilvanScherrer]

As told by mail. blacklist has no affect, if dynamic firewall is off. so please turn it on. Also look at issue #9

[ecomstation]

Il 02/07/2013 12:28, Silvan Scherrer ha scritto:

As told by mail. blacklist has no affect, if dynamic firewall is off. so please turn it on. Also look at issue #9 https://github.com/bitwiseworks/InJoy/issues/9

— Reply to this email directly or view it on GitHub https://github.com/bitwiseworks/InJoy/issues/22#issuecomment-20338057.

turned on dynamic fw features, i've black list the ip of a customer'ip but from it's lan i'm still downloading emails, so the bl has no effect :(

MANUAL<80.86.54.48>0002 Source = "80.86.54.48", Direction = Bidirectional, DNS-Lookup-Info = "netaround80g48.cdh.it"

Massimo Sangriso IT Consulting IBM Certified Systems Expert http://www.ecomstation.it/

Prima di stampare questo e-mail pensa se e' veramente necessario, ci sono sempre meno alberi. Please consider the environment before printing this e-mail.

Le informazioni contenute in questo messaggio di posta elettronica sono riservate e confidenziali e ne è vietata la diffusione in qualunque modo eseguita. Qualora Lei non fosse la persona a cui il presente messaggio è destinato La invitiamo ad eliminarlo e a non leggerlo, dandocene gentilmente comunicazione.

The information contained in this e-mail and any attachments are confidential and may also be privileged. If you are not named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium.

[ecomstation]

Il 04/07/2013 17:14, Massimo Sangriso ha scritto:

Il 02/07/2013 12:28, Silvan Scherrer ha scritto:

As told by mail. blacklist has no affect, if dynamic firewall is off. so please turn it on. Also look at issue #9 https://github.com/bitwiseworks/InJoy/issues/9

— Reply to this email directly or view it on GitHub https://github.com/bitwiseworks/InJoy/issues/22#issuecomment-20338057.

turned on dynamic fw features, i've black list the ip of a customer'ip but from it's lan i'm still downloading emails, so the bl has no effect :(

MANUAL<80.86.54.48>0002 Source = "80.86.54.48", Direction = Bidirectional, DNS-Lookup-Info = "netaround80g48.cdh.it"

Is it possible that some "wrong" rule is blocking this feature?

Massimo Sangriso IT Consulting IBM Certified Systems Expert http://www.ecomstation.it/

Prima di stampare questo e-mail pensa se e' veramente necessario, ci sono sempre meno alberi. Please consider the environment before printing this e-mail.

Le informazioni contenute in questo messaggio di posta elettronica sono riservate e confidenziali e ne è vietata la diffusione in qualunque modo eseguita. Qualora Lei non fosse la persona a cui il presente messaggio è destinato La invitiamo ad eliminarlo e a non leggerlo, dandocene gentilmente comunicazione.

The information contained in this e-mail and any attachments are confidential and may also be privileged. If you are not named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium.

[SilvanScherrer]

I also needed this feature a couple of times in the last weeks, and it always worked. So I wonder a bit. After you added the manual blacklist rule, did you reload the config? Did you see the rule in the rule monitor?

[SilvanScherrer]

no more answer from the reporter, so closing it