From owner-freebsd-pf@FreeBSD.ORG Mon Dec 21 05:58:58 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E87A106566B for ; Mon, 21 Dec 2009 05:58:58 +0000 (UTC) (envelope-from gaurav@subisu.net.np) Received: from mx-01.subisu.net.np (mx-01.subisu.net.np [202.63.240.20]) by mx1.freebsd.org (Postfix) with ESMTP id 127508FC0A for ; Mon, 21 Dec 2009 05:58:57 +0000 (UTC) Received: from localhost (mx-01.subisu.net.np [127.0.0.1]) by mx-01.subisu.net.np (Postfix) with ESMTP id 94D83EE004A for ; Mon, 21 Dec 2009 11:43:54 +0545 (NPT) X-Virus-Scanned: amavisd-new at subisu.net.np Received: from mx-01.subisu.net.np ([127.0.0.1]) by localhost (mx-01.subisu.net.np [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vnCrR1ts-kO7 for ; Mon, 21 Dec 2009 11:43:54 +0545 (NPT) Received: from [202.63.244.34] (unknown [202.63.244.34]) by mx-01.subisu.net.np (Postfix) with ESMTP id 1F0E7EE0047 for ; Mon, 21 Dec 2009 11:43:54 +0545 (NPT) Message-ID: <4B2F0E9D.7020603@subisu.net.np> Date: Mon, 21 Dec 2009 11:43:53 +0545 From: Gaurav Ghimire User-Agent: Thunderbird 2.0.0.23 (X11/20090817) MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: External scripts with PF. X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Dec 2009 05:58:58 -0000 Hi all, Are there any possibilities that I could run a script (bash, perl) when any rule is matched. For example, I have some distinct rule and want to get an alert email each time any connection threshold is crossed on it from a singe IP. Say I want one IP only have 1 http connection to a web service in my server, if it goes 2 pf would update a table or run a external script that would alert me about that IP. This is just a concept and I am not doing it in real. Just wanted to know if there are any possibilities that I could run external scripts or invoke them when a rule is matched. I would appreciate any hints or references. Regards, -- Gaurav Ghimire System Administrator - Systems (R&D) Subisu Cablenet (P.) Ltd. 148 Thirbum Sadak Baluwatar, Kathmandu Nepal T: 00977 1 4429616/17 Ext.: 121 F: 00977 1 4430572 http://www.subisu.net.np (An ISO 9001:2000 Certified Company)