[Firehol-support] What means TRAP-OUT

Tsaousis, Costa costa at tsaousis.gr
Thu Mar 2 19:17:27 GMT 2017


Since you use a blacklist in full mode, IN means inbound traffic matched
and OUT means outbound traffic matched.
So, OUT logs mean your hosts tried to talk to blacklisted IPs.


On Wed, Mar 1, 2017 at 10:07 PM, Jonathan Baecker <jonbae77 at gmail.com>

> Hello,
> sorry when this is a stupid question but I wonder me, what TRAP-OUT means
> in the context of a blacklist, blocked with ipset.
> My setup is:
> with a shell script I fishing all IPs out, what fail2ban had in recidive
> chain and put them in a text file. With firehol I build a ipset blacklist
> rule:
>    ipset4 create custom_blacklist hash:ip
>    ipset4 addfile custom_blacklist
>    "/etc/firehol/ipsets/custom-blacklist.txt"
>    blacklist4 full log "CUSTOM BLACKLIST TRAP" \
>         ipset:custom_blacklist except src ipset:whitelist
> Now I get in the log file some messages whit TRAP-IN, I think that is
> normal when a listed IP try to connect. But I also get some TRAP-OUT logs,
> more then one time, with the source IP from my server and a destination IP
> from a blacklisted IP.
> Can you give me short tip about this?
> Regards
> Jonathan
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support

More information about the Firehol-support mailing list