[Gllug] Dynamic firewall rules

Ian Norton bredroll at darkspace.org.uk
Mon Aug 16 17:12:53 UTC 2004


On Mon, 2004-08-16 at 12:38, Richard Jones wrote:
> On Mon, Aug 16, 2004 at 11:25:35AM +0100, Jon Dye wrote:
> > Does anyone know of a program that can monitor logs and add rules to my 
> > firewall based on what it finds?  I think such a program exists and I 
> > don't want to create my own if there is already one out there but I 
> > haven't been able to find one.
> > 
> > My main reason for this is to block specific IPs after login attempts to 
> > unknown users.
> 
> No, but I recently scripted something like this for a client.
> 
> Very simply, I had a setuid program which took a single IP address
> as a command-line argument and executed:
> 
>   iptables -A INPUT -s $ip_address -j DROP
> 
> It had a few safeguards, obviously, such as strict checking that the
> IP address had the correct format, and having a whitelist of IPs which
> could never be blocked.
> 
> Then I arranged for this script to be called from various places.  In
> particular, it was called from a CGI script hidden in a directory
> which was "protected" by an entry in 'robots.txt'.  The idea was to
> catch spam harvesters which don't obey 'robots.txt' rules.  An
> invisible link from the main page, and some human-readable text
> explaining what would happen to people who clicked on the CGI script
> completed the protection.
> 
> Rich.

OK, that's pretty clever :-), although couldn't spoofing a source address
lead you into all sorts of bother?

Ian
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
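An added illustration of the wrapper Richard describes above; it is not his script, which was never posted to the list. It takes a single IPv4 address, applies the strict format check and the never-block whitelist he mentions, and only then runs the iptables command from his message. The whitelist contents (127.0.0.1 and a documentation address standing in for your own hosts) and the BLOCK_DRY_RUN switch are assumptions made for this example; with dry-run on, which is the default here, it prints the rule instead of needing root. Two practical notes: Linux ignores the setuid bit on interpreted scripts, so something like this is normally reached through a small setuid C program or a sudoers entry restricted to this one command; and the CGI trap only ever sees addresses that completed a TCP handshake, so the realistic way to get hurt is a shared proxy or NAT address being tripped on purpose, which is exactly what the whitelist is for.

```shell
#!/bin/sh
# Added example, not Richard Jones's script: block one IPv4 address via iptables
# after strict validation and a whitelist check.  Assumed settings for the
# example: BLOCK_WHITELIST lists hosts that must never be blocked (192.0.2.10 is
# a documentation address); BLOCK_DRY_RUN=1 prints the rule instead of running it.
BLOCK_WHITELIST="${BLOCK_WHITELIST:-127.0.0.1 192.0.2.10}"
BLOCK_DRY_RUN="${BLOCK_DRY_RUN:-1}"

# valid_ipv4 ADDR -> 0 if ADDR is a dotted quad with four decimal octets 0-255,
# no leading zeros (ambiguous as octal to some resolvers), and nothing else.
# Only digits and dots are ever allowed, so nothing shell-hostile gets past here.
valid_ipv4() {
    addr=$1
    case "$addr" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, foreign chars, edge/double dots
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr                                # split on dots into the octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac  # leading zero such as 01
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_whitelisted ADDR -> 0 if ADDR is one of the never-block addresses.
is_whitelisted() {
    for w in $BLOCK_WHITELIST; do
        [ "$1" = "$w" ] && return 0
    done
    return 1
}

# block_ip ADDR: the whole job of the wrapper.  Returns 0 when a DROP rule was
# added (or would be, in dry-run mode), 2 for a malformed address, 3 for a
# whitelisted one, 4 if iptables itself failed.
block_ip() {
    if ! valid_ipv4 "$1"; then
        echo "refused: '$1' is not a well-formed IPv4 address" >&2
        return 2
    fi
    if is_whitelisted "$1"; then
        echo "refused: $1 is whitelisted" >&2
        return 3
    fi
    if [ "$BLOCK_DRY_RUN" = 1 ]; then
        echo "would run: iptables -A INPUT -s $1 -j DROP"
    else
        iptables -A INPUT -s "$1" -j DROP || return 4
    fi
    return 0
}

# With one argument, behave as the wrapper would when the CGI trap or log
# watcher calls it.  With none, walk through constructed addresses that
# exercise each branch: a blockable one, a whitelisted one, an injection
# attempt, and an out-of-range octet.
if [ "$#" -eq 1 ]; then
    block_ip "$1"
elif [ "$#" -eq 0 ]; then
    for a in 203.0.113.5 127.0.0.1 '1.2.3.4; id' 999.1.1.1; do
        block_ip "$a" || echo "  -> exit status $?"
    done
fi
```

Run it as `sh block.sh 203.0.113.5` (with `BLOCK_DRY_RUN=0`, as root, to actually insert the rule); with no argument it prints the decision for each of the four sample addresses. Because everything that reaches iptables has already passed the digits-and-dots check, the argument needs no further quoting gymnastics, which is the property you want in anything that runs privileged on attacker-chosen input.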