Date: Mon, 21 Dec 2009 10:51:50 -0500
From: "Kevin" <k@kevinkevin.com>
To: "'Gaurav Ghimire'" <gaurav@subisu.net.np>
Cc: freebsd-pf@freebsd.org
Subject: RE: External scripts with PF.
Message-ID: <03bd01ca8255$83b5a0f0$8b20e2d0$@com>
In-Reply-To: <7731938b0912210709l2dfbea79u4aa7c245e82bd203@mail.gmail.com>
References: <4B2F0E9D.7020603@subisu.net.np> <7731938b0912210709l2dfbea79u4aa7c245e82bd203@mail.gmail.com>

> For tracking source IPs and adding them to a table, you can already do
> this, c.f. max-src-conn and overload in the pf.conf man page.
>
>
> If you use the overload keyword to dump the bad IPs into a table then
> as a quick and dirty solution for scripting you can then run a script
> from cron every few minutes to do something like:
>
> pfctl -t table_name_with_bad_ips -T show
>

To continue on Peter's idea, here's a script I wrote to parse pf tables and send email alerts based on the output. You can run it as a regular cronjob:

http://blog.stardothosting.com/2009/08/12/freebsd-pf-packet-filter-shell-script-to-report-on-hacking-attempts/

It's not up-to-the-minute, but it works pretty good as a daily mail alert.
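A sketch of the cron approach described in this thread, as an added example that is not part of the original message or the linked script: it mails only the addresses that appeared in the overload table since the previous run. The state file path, the mail recipient and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. TABLE, STATE and MAILTO are assumed names.
TABLE="${TABLE:-table_name_with_bad_ips}"
STATE="${STATE:-/var/db/pf_${TABLE}.seen}"
MAILTO="${MAILTO:-root}"

# Read `pfctl -T show` output on stdin: strip the indentation, keep only
# lines shaped like an IPv4/IPv6 address or CIDR block, sort for comm(1).
normalize() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -E '^[0-9A-Fa-f:.]+(/[0-9]+)?$' |
        LC_ALL=C sort -u
}

# new_entries CURRENT SEEN: print addresses present in CURRENT but not in SEEN.
# A missing SEEN file (first run) means every address is new.
new_entries() {
    seen=$2
    [ -f "$seen" ] || seen=/dev/null
    LC_ALL=C comm -23 "$1" "$seen"
}

report() {
    tmp=$(mktemp) || return 1
    # Keep the old state if pfctl fails, so an error is not read as "table empty".
    out=$(pfctl -t "$TABLE" -T show) || { rm -f "$tmp"; return 1; }
    printf '%s\n' "$out" | normalize > "$tmp"
    new=$(new_entries "$tmp" "$STATE")
    if [ -n "$new" ]; then
        printf 'New addresses in pf table <%s>:\n%s\n' "$TABLE" "$new" |
            mail -s "pf: new entries in $TABLE" "$MAILTO"
    fi
    # An address that expires from the table and later returns is reported again.
    mv "$tmp" "$STATE"
}

# A cron entry would invoke this script with the argument "run".
if [ "${1:-}" = "run" ]; then
    report
fi
```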