[Firehol-support] What means TRAP-OUT
Tsaousis, Costa
costa at tsaousis.gr
Thu Mar 2 19:17:27 GMT 2017
Hi,
Since you use a blacklist in full mode, IN means inbound traffic matched
and OUT means outbound traffic matched.
So, OUT logs mean your hosts tried to talk to blacklisted IPs.
Costa
On Wed, Mar 1, 2017 at 10:07 PM, Jonathan Baecker <jonbae77 at gmail.com>
wrote:
> Hello,
>
> sorry when this is a stupid question but I wonder me, what TRAP-OUT means
> in the context of a blacklist, blocked with ipset.
>
> My setup is:
>
> with a shell script I fishing all IPs out, what fail2ban had in recidive
> chain and put them in a text file. With firehol I build a ipset blacklist
> rule:
>
> ipset4 create custom_blacklist hash:ip
> ipset4 addfile custom_blacklist
> "/etc/firehol/ipsets/custom-blacklist.txt"
>
> blacklist4 full log "CUSTOM BLACKLIST TRAP" \
> ipset:custom_blacklist except src ipset:whitelist
>
> Now I get in the log file some messages whit TRAP-IN, I think that is
> normal when a listed IP try to connect. But I also get some TRAP-OUT logs,
> more then one time, with the source IP from my server and a destination IP
> from a blacklisted IP.
>
> Can you give me short tip about this?
>
>
> Regards
>
> Jonathan
>
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support
More information about the Firehol-support
mailing list