bytemark-vhost-firewall (2009.1019-1) stable; urgency=low

  * Supply empty local.d/ and whitelist.d/ directories by default.
    * Log to syslog any IPs which we've temporarily blacklisted.

     -- Steve Kemp <steve@bytemark.co.uk>  Mon, 19 Oct 2009 14:32:21
        +0000

firewall/bin/firewall-blacklist

@@ -89,8 +89,10 @@ use strict;
 use warnings;
 
 use English;
+use File::Basename;
 use Getopt::Long;
 use Pod::Usage;
+use Sys::Syslog;
 
 
 
@@ -486,6 +488,12 @@ sub processRules
     #
     #
 
+    #
+    #  Open syslog for logging purposes
+    #
+    my $prog = basename($0);
+    openlog($prog, 'pid', 'user');
+
 
     my $count = 0;
     foreach my $ip ( keys %BLACKLIST )
@@ -528,6 +536,9 @@ sub processRules
                     close(LOG);
 
                     $CONFIG{ 'verbose' } && print "Blacklisting: $ip\n";
+
+                    syslog('info', "Blacklisting IP: $ip" );
+
                     $count += 1;
                 }
                 else
@@ -545,6 +556,12 @@ sub processRules
         }
     }
 
+    #
+    # Close syslog
+    #
+    closelog();
+
+
 
     #
     #  Return the count of IPs we blacklisted.

firewall/debian/changelog

+bytemark-vhost-firewall (2009.1019-1) stable; urgency=low
+
+  * Supply empty local.d/ and whitelist.d/ directories by default.
+  * Log to syslog any IPs which we've temporarily blacklisted.
+
+ -- Steve Kemp <steve@bytemark.co.uk>  Mon, 19 Oct 2009 14:32:21 +0000
+
 bytemark-vhost-firewall (2009:1009-1) stable; urgency=low
 
   * Our blacklist application now can block on a per-port basis, and

firewall/debian/dirs

@@ -4,6 +4,8 @@ etc/network/if-up.d
 etc/network/if-down.d
 usr/share/man/man1
 etc/firewall/incoming.d/
+etc/firewall/local.d/
 etc/firewall/outgoing.d/
 etc/firewall/blacklist.d/
-etc/firewall/patterns.d/
\ No newline at end of file
+etc/firewall/patterns.d/
+etc/firewall/whitelist.d/