From: Ian Smith
Date: Mon, 21 Jan 2008 22:55:09 +1100 (EST)
To: Jordi Espasa Clofent
Cc: freebsd-security@freebsd.org
In-Reply-To: <47947587.2010106@opengea.org>
Subject: Re: denyhosts-like app for MySQLd?

On Mon, 21 Jan 2008, Jordi Espasa Clofent wrote:

 > > There is a functionality in pf, that allows you to have an application to
 > > update a list of hosts, that is used in a rule. You could have a script
 > > harvest the addresses from your log files, and then update the table in pf. I
 > > have not tried it myself, but was looking at adopting an implementation to
 > > create a tarpit for spammers based on this idea.
 >
 > Yes Tim, I know it. The "problem" is the servers are built in IPFW as
 > firewall solution.
 > I've tried the "limit" IPFW's option... but isn't exactly what I'm
 > looking for.

No problem; IPFW has tables too, and sets, with which you could
enable/disable or swap your script-constructed tables atomically.

Might be easier to allow good hosts rather than exclude baddies?

cheers, Ian
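
The script-maintained table idea discussed in this thread, as an added example that is not part of the original message or of any FreeBSD tool: it harvests failing client addresses from MySQL "Access denied" log lines and prints the `ipfw table` commands that would list them. The table number, the threshold, the exact log line layout and the sample lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: table number, threshold
# and log line layout are hypothetical; the sample lines are constructed.
TABLE=1        # ipfw table that a deny rule would reference
THRESHOLD=3    # failed logins before a host is listed

# Reads MySQL log lines on stdin; prints one "ipfw table N add IP" per
# host with at least THRESHOLD failures. Prints commands, runs nothing.
gen_table_cmds() {
    # The user name is client-supplied text, so anchor on the host field
    # at the very end of the line rather than on the first '@' seen.
    sed -n "s/.*'@'\([0-9.]*\)' (using password: [A-Z]*)\$/\1/p" |
    sort | uniq -c |
    awk -v t="$TABLE" -v n="$THRESHOLD" '
        # Only strict dotted quads reach the generated command line.
        $1 >= n && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            print "ipfw table " t " add " $2
        }'
}

# Constructed sample input (documentation address ranges only).
sample_log() {
cat <<'EOF'
080121 10:01:02  12 Connect  Access denied for user 'root'@'203.0.113.7' (using password: YES)
080121 10:01:03  13 Connect  Access denied for user 'root'@'203.0.113.7' (using password: YES)
080121 10:01:04  14 Connect  Access denied for user 'admin'@'203.0.113.7' (using password: NO)
080121 10:02:10  15 Connect  Access denied for user 'web'@'198.51.100.4' (using password: YES)
080121 10:03:01  16 Connect  Access denied for user 'a'@'192.0.2.1'@'203.0.113.9' (using password: YES)
080121 10:03:02  17 Connect  Access denied for user 'a'@'192.0.2.1'@'203.0.113.9' (using password: YES)
080121 10:03:03  18 Connect  Access denied for user 'a'@'192.0.2.1'@'203.0.113.9' (using password: YES)
080121 10:04:00  19 Query    SELECT 1
EOF
}

# Review the output before feeding it to sh on the firewall host. A rule
# such as:  ipfw add deny tcp from 'table(1)' to me 3306
# would then match every listed address.
sample_log | gen_table_cmds
```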