--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: libpam-shield: support for blocking addresses through shorewall/shorewall6
- From: Michael Fladischer <FladischerMichael@fladi.at>
- Date: Wed, 27 Jun 2012 15:58:12 +0200
- Message-id: <20120627135812.29195.95912.reportbug@root.fladi.at>
Package: libpam-shield
Version: 0.9.2-3.3
Severity: wishlist
Dear Maintainer,
I've written a small script to support blocking addresses through
shorewall/shorewall6 instead of directly through iptables.
Due to the missing upstream page (http://www.ka.sara.nl/home/walter/pam_shield/) I'd like to propose its inclusion here.
If you as the maintainer are in contact with the upstream author, could
you please forward it? I think it would be useful to some people.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libpam-shield depends on:
ii libc6 2.13-33
ii libgdbm3 1.8.3-11
ii libpam0g 1.1.3-7.1
libpam-shield recommends no packages.
Versions of packages libpam-shield suggests:
ii iproute 20120521-3
ii iptables 1.4.14-2
-- Configuration Files:
/etc/security/shield.conf changed [not included]
-- no debconf information
#! /bin/sh
#
# shield-trigger-shorewall
#
# Copyright (C) 2012 Michael Fladischer <michael@fladi.at>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
usage() {
    echo "Usage: ${0##*/} [add|del] <IP number>"
    echo "$0 is normally called by the pam_shield PAM module"
    exit 1
}

PATH=/sbin:/usr/sbin:/bin:/usr/bin

if [ -z "$2" ]
then
    usage
fi

# lousy detection of IPv4 or IPv6 address:
# strip digits and dots; if nothing is left, treat the argument as IPv4
IPT=`echo "$2" | sed 's/[0-9.]//g'`
if [ -z "$IPT" ]
then
    SHOREWALL=/sbin/shorewall
else
    SHOREWALL=/sbin/shorewall6
fi

if [ ! -x "$SHOREWALL" ]; then
    echo "Shorewall binary not found at $SHOREWALL."
    echo "Maybe you need to run 'aptitude install shorewall'."
    exit 1
fi

# "$2" is quoted so it always reaches shorewall as a single argument
case "$1" in
    add)
        logger -i -t shield-trigger -p auth.info "blocking $2"
        "$SHOREWALL" reject "$2"
        ;;
    del)
        logger -i -t shield-trigger -p auth.info "unblocking $2"
        "$SHOREWALL" allow "$2"
        ;;
    *)
        usage
        ;;
esac
# EOB
--- End Message ---
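
The trigger script in the message above chooses between shorewall and shorewall6 by stripping digits and dots from its argument, so any other string is treated as an IPv6 address. As an added example (not part of the submitted script or of pam_shield), here is a stricter POSIX sh classifier that such a script could call before running the firewall command. The names `is_ipv4`, `is_ipv6` and `classify_addr` are hypothetical, and IPv4-mapped IPv6 forms and zone suffixes are deliberately rejected.

```sh
#!/bin/sh
# Added example, not part of the submitted script. Function names are
# hypothetical; the sample addresses at the bottom are constructed.
# POSIX sh has no "local", so helper variables are plain globals.

is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;       # digits and single dots only
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac   # at most three digits
        [ "$octet" -le 255 ] || return 1
    done
}

is_ipv6() {
    case "$1" in
        *[!0-9A-Fa-f:]*|*:::*|*::*::*) return 1 ;; # hex and ":"; one "::" at most
        :[!:]*|*[!:]:) return 1 ;;                 # lone leading or trailing ":"
    esac
    # with "::" up to 7 written groups, without it exactly 8
    case "$1" in *::*) max=7 min=0 ;; *) max=8 min=8 ;; esac
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs   # split into groups
    groups=0
    for g in "$@"; do
        case "$g" in
            '') ;;                                 # empty field left by "::"
            ?????*) return 1 ;;                    # more than four hex digits
            *) groups=$((groups + 1)) ;;
        esac
    done
    [ "$groups" -ge "$min" ] && [ "$groups" -le "$max" ]
}

# Prints ipv4, ipv6 or invalid; returns non-zero for invalid input.
classify_addr() {
    if is_ipv4 "$1"; then echo ipv4
    elif is_ipv6 "$1"; then echo ipv6
    else echo invalid; return 1
    fi
}

# Constructed inputs: two valid addresses, then values the firewall must never see.
for a in 192.0.2.10 2001:db8::1 999.1.1.1 -h '192.0.2.10 extra'; do
    printf '%-18s %s\n' "$a" "$(classify_addr "$a")"
done
```

A trigger script would map `ipv4` to /sbin/shorewall, `ipv6` to /sbin/shorewall6, and log and exit on `invalid` instead of passing the value on.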