[Gllug] Dynamic firewall rules

Richard Jones rich at annexia.org
Mon Aug 16 11:38:38 UTC 2004


On Mon, Aug 16, 2004 at 11:25:35AM +0100, Jon Dye wrote:
> Does anyone know of a program that can monitor logs and add rules to my
> firewall based on what it finds?  I think such a program exists and I
> don't want to create my own if there is already one out there but I
> haven't been able to find one.
> 
> My main reason for this is to block specific IPs after login attempts to 
> unknown users.

No, but I recently scripted something like this for a client.

Very simply, I had a setuid program which took a single IP address
as a command-line argument and executed:

  iptables -A INPUT -s $ip_address -j DROP

It had a few safeguards, obviously, such as strict checking that the
IP address had the correct format, and having a whitelist of IPs which
could never be blocked.

Then I arranged for this script to be called from various places.  In
particular, it was called from a CGI script hidden in a directory
which was "protected" by an entry in 'robots.txt'.  The idea was to
catch spam harvesters which don't obey 'robots.txt' rules.  An
invisible link from the main page, and some human-readable text
explaining what would happen to people who clicked on the CGI script
completed the protection.

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://www.j-london.com/
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
Perl4Caml lets you use any Perl library in your type-safe Objective
CAML programs. http://www.merjis.com/developers/perl4caml/
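A compiled wrapper of the kind Rich describes, written here as an added example (it is not his code): one IPv4 argument, a strict format check, a never-block whitelist, then a direct exec of iptables. The whitelist entries and the /sbin/iptables path are assumed placeholders.

```c
/* Added example, not the poster's code: a wrapper in the spirit of the setuid
 * program described above. It takes exactly one IPv4 address, rejects anything
 * that is not a canonical dotted quad, refuses whitelisted addresses (placeholder
 * values below) and only then runs: iptables -A INPUT -s <ip> -j DROP */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Addresses that must never be blocked (constructed placeholders). */
static const char *const WHITELIST[] = { "127.0.0.1", "192.0.2.10", NULL };

/* Strict format check: the text must parse as IPv4 and re-serialise to exactly
 * the same string, which rejects leading zeros, trailing junk and short forms
 * such as "10.1" that the older inet_aton() would accept. */
int valid_ipv4(const char *s)
{
    struct in_addr addr;
    char canon[INET_ADDRSTRLEN];
    if (s == NULL || strlen(s) >= INET_ADDRSTRLEN) return 0;
    if (inet_pton(AF_INET, s, &addr) != 1) return 0;
    if (inet_ntop(AF_INET, &addr, canon, sizeof canon) == NULL) return 0;
    return strcmp(s, canon) == 0;
}

/* Returns 1 if the address is on the never-block list. */
int is_whitelisted(const char *s)
{
    for (const char *const *p = WHITELIST; *p != NULL; p++)
        if (strcmp(s, *p) == 0)
            return 1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2 || !valid_ipv4(argv[1])) {
        fprintf(stderr, "usage: %s <dotted-quad IPv4 address>\n", argv[0]);
        return 2;
    }
    if (is_whitelisted(argv[1])) {
        fprintf(stderr, "refusing to block whitelisted address %s\n", argv[1]);
        return 3;
    }
    /* No shell involved: the address is a single argv element, never re-parsed. */
    execl("/sbin/iptables", "iptables", "-A", "INPUT", "-s", argv[1], "-j",
          "DROP", (char *)NULL);
    perror("execl");
    return 1;
}
```

Because the binary runs with elevated privilege, the format check is what keeps a caller (a log-watcher or the CGI script) from passing anything other than a plain address into the ruleset.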