With blocking of DSHIELD enabled, many addresses in the DSHIELD ranges are indeed actually blocked (as can be seen in file "dropped_by_iptables.txt"). Also, many packets show as dropped by DROP_DSHIELD in nightly Log Summary data in the "iptables firewall" section.
However many others that should be blocked (based on how I read DSHIELD.conf) are not getting blocked. I left emerging-dshield.rules enabled so you can see those addresses that should have been blocked but are making it through iptables to Snort and Guardian by viewing the attached snort alerts and guardian log files.
jneb1980
commented
5 years ago
With blocking of DSHIELD enabled, many addresses in the DSHIELD ranges are indeed actually blocked (as can be seen in file "dropped_by_iptables.txt"). Also, many packets show as dropped by DROP_DSHIELD in nightly Log Summary data in the "iptables firewall" section.
However many others that should be blocked (based on how I read DSHIELD.conf) are not getting blocked. I left emerging-dshield.rules enabled so you can see those addresses that should have been blocked but are making it through iptables to Snort and Guardian by viewing the attached snort alerts and guardian log files.
DSHIELD.conf.txt dropped_by_iptables.txt snort_alert.txt guardian_dshield.txt