Date: Mon, 21 Jan 2008 22:55:09 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Jordi Espasa Clofent <jordi.espasa@opengea.org> Cc: freebsd-security@freebsd.org Subject: Re: denyhosts-like app for MySQLd? Message-ID: <Pine.BSF.3.96.1080121224407.8768B-100000@gaia.nimnet.asn.au> In-Reply-To: <47947587.2010106@opengea.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 21 Jan 2008, Jordi Espasa Clofent wrote: > > There is a functionality in pf, that allows you to have an application to > > update a list of hosts, that is used in a rule. You could have a script > > harvest the addresses from your log files, and then update the table in pf. I > > have not tried it myself, but was looking at adopting an implementation to > > create a tarpit for spammers based on this idea. > > Yes Tim, I know it. The "problem" is the servers are builded in IPFW as > firewall solution. > I've tried the "limit" IPFW's option... but isn't exactly what I'm > looking for. No problem; IPFW has tables too, and sets, with which you could enable/disable or swap your script-constructed tables atomically. Might be easier to allow good hosts rather than exclude baddies? cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1080121224407.8768B-100000>