[Gllug] Dynamic firewall rules
Ian Norton
bredroll at darkspace.org.uk
Mon Aug 16 17:12:53 UTC 2004
On Mon, 2004-08-16 at 12:38, Richard Jones wrote:
> On Mon, Aug 16, 2004 at 11:25:35AM +0100, Jon Dye wrote:
> > Does anyone know of a program that can monitor logs and add rules to my
> > firewall based on what it finds? I think such a program exists and I
> > don't want to create my own if there is already one out there but I
> > haven't been able to find one.
> >
> > My main reason for this is to block specific IPs after login attempts to
> > unknown users.
>
> No, but I recently scripted something like this for a client.
>
> Very simply, I had a setuid program which took a single IP address
> as a command-line argument and executed:
>
> iptables -A INPUT -s $ip_address -j DROP
>
> It had a few safeguards, obviously, such as strict checking that the
> IP address had the correct format, and having a whitelist of IPs which
> could never be blocked.
>
> Then I arranged for this script to be called from various places. In
> particular, it was called from a CGI script hidden in a directory
> which was "protected" by an entry in 'robots.txt'. The idea was to
> catch spam harvesters which don't obey 'robots.txt' rules. An
> invisible link from the main page, and some human-readable text
> explaining what would happen to people who clicked on the CGI script
> completed the protection.
>
> Rich.
ok, that's pretty clever :-), although couldn't spoofing a source address
lead you into all sorts of bother?
Ian
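The blocking helper Rich describes above (one IP argument, strict format check, a whitelist of addresses that must never be blocked, then `iptables -A INPUT -s $ip -j DROP`) as an added example in Python, not code from the thread or from either poster. The whitelist entries, the constructed address values and the `runner` hook used for testing are assumptions; the `ipaddress` module does the strict parsing, and the command is built as an argv list so nothing from the caller is re-parsed by a shell. Anyone deploying something like this would wrap it in the same way Rich did, so that only the privileged wrapper, not the log watcher or CGI, has the right to change firewall rules.

```python
"""Guarded wrapper around `iptables -A INPUT -s <ip> -j DROP`.

Added example: validates an untrusted IP argument and refuses to block
whitelisted addresses before any iptables command is constructed.
"""
import ipaddress
import subprocess
import sys
from typing import Callable, Iterable, List, Sequence

# Constructed whitelist: networks that must never be blocked. A real one
# would list the host's own addresses, the admin's workstation and any
# monitoring or upstream hosts.
DEFAULT_WHITELIST: Sequence[str] = (
    "127.0.0.0/8",      # loopback
    "192.0.2.10/32",    # constructed "admin workstation" address
)


def parse_address(raw: str) -> ipaddress.IPv4Address:
    """Strictly parse a single IPv4 address.

    ipaddress.ip_address() rejects hostnames, CIDR ranges, trailing junk
    and shell metacharacters, so anything that is not a plain dotted quad
    raises ValueError instead of ever reaching iptables.
    """
    addr = ipaddress.ip_address(raw.strip())
    if not isinstance(addr, ipaddress.IPv4Address):
        raise ValueError(f"not an IPv4 address: {raw!r}")
    return addr


def is_whitelisted(addr: ipaddress.IPv4Address, whitelist: Iterable[str]) -> bool:
    """True if addr falls inside any whitelisted network."""
    return any(addr in ipaddress.ip_network(net, strict=True) for net in whitelist)


def validate_block_request(raw: str, whitelist: Iterable[str] = DEFAULT_WHITELIST) -> str:
    """Return "" if raw may be blocked, otherwise a short rejection reason."""
    try:
        addr = parse_address(raw)
    except ValueError:
        return "malformed"
    if is_whitelisted(addr, whitelist):
        return "whitelisted"
    return ""


def build_block_command(raw: str, whitelist: Iterable[str] = DEFAULT_WHITELIST) -> List[str]:
    """Build the iptables argv for a validated, non-whitelisted address."""
    reason = validate_block_request(raw, whitelist)
    if reason:
        raise ValueError(f"refusing to block {raw!r}: {reason}")
    addr = str(parse_address(raw))
    # argv list, not a shell string: the address is passed as one argument
    # and no shell ever interprets it.
    return ["iptables", "-A", "INPUT", "-s", addr, "-j", "DROP"]


def block_address(raw: str,
                  whitelist: Iterable[str] = DEFAULT_WHITELIST,
                  runner: Callable[..., object] = subprocess.run) -> List[str]:
    """Validate raw and run the DROP rule; returns the argv that was executed.

    `runner` defaults to subprocess.run; tests pass a fake to avoid touching
    the live firewall.
    """
    argv = build_block_command(raw, whitelist)
    runner(argv, check=True)
    return argv


if __name__ == "__main__":
    # Usage: block_ip.py <ipv4-address>   (must run with rights to call iptables)
    if len(sys.argv) != 2:
        sys.exit("usage: block_ip.py <ipv4-address>")
    try:
        print("ran:", " ".join(block_address(sys.argv[1])))
    except ValueError as exc:
        sys.exit(str(exc))
```

The important property is that every path to `iptables` goes through `build_block_command`, so a log watcher or CGI that is fed a forged or malformed string can at worst be refused, never turned into a rule against an address on the whitelist.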
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug