From: "Daryl Chance"
To: "FreeBSD IPFW"
Subject: ipfw add exec(blah)....
Date: Mon, 28 Aug 2000 10:29:04 -0500
Message-ID: <005f01c01104$b382a980$0200000a@development1>

Hi,

Has there ever been any type of discussion about adding something to ipfw to execute a certain command if a fw rule is triggered?

There could be a little use for this, but the only couple I can really think of is:

a) if a deny rule is triggered you could run tcpdump for a little, the rule could possibly pass on some variables to the script (ip address:port denied) so you could pipe tcpdump through grep for the ip addie/port, watching for any other attempts.

b) you could set up a script to email you or play a sound wav or some visual type of alert.

Thoughts? I don't know much about the IPFW code, so I couldn't code a patch for it :). This a good idea? or could it allow for a possible security problem?

Thanks,

--------------------------------------------------------
| Daryl Chance   | I have made this letter longer than |
| Valuedata, LLC | usual because I lacked the time to  |
| Memphis, TN    | make it shorter. -- Blaise Pascal   |
--------------------------------------------------------
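
Use case (a) can be approximated in userland without kernel changes. The sketch below is an added example, not part of the original post and not FreeBSD code. It assumes the deny rule carries ipfw's `log` keyword and that syslog lines look like the constructed samples; every field is validated before it reaches a command line, which bears on the security question raised above.

```python
import ipaddress
import re

# Assumed syslog format for a rule with the "log" keyword, e.g.
#   ... ipfw: 1000 Deny TCP 192.0.2.7:4312 198.51.100.2:23 in via ed0
DENY_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>TCP|UDP) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>[a-z]+\d+)\s*$"
)

def parse_deny(line):
    """Return the fields of a TCP/UDP deny line, or None if the line
    does not match or any field fails validation."""
    m = DENY_RE.search(line)
    if not m:
        return None
    try:
        # Reject anything that is not a literal IPv4 address.
        src = ipaddress.IPv4Address(m["src"])
        dst = ipaddress.IPv4Address(m["dst"])
    except ValueError:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    if not (0 < sport < 65536 and 0 < dport < 65536):
        return None
    return {"rule": int(m["rule"]), "proto": m["proto"], "iface": m["iface"],
            "src": str(src), "sport": sport, "dst": str(dst), "dport": dport}

def tcpdump_argv(event, count=200):
    """Build an argv list for a bounded capture of the denied source.
    A list (no shell string) means log content is never shell-parsed."""
    return ["tcpdump", "-n", "-i", event["iface"], "-c", str(count),
            "host", event["src"], "and", "port", str(event["dport"])]

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLES = [
    "Aug 28 10:29:04 gw /kernel: ipfw: 1000 Deny TCP 192.0.2.7:4312 198.51.100.2:23 in via ed0",
    "Aug 28 10:29:05 gw /kernel: ipfw: 1000 Deny TCP 192.0.2.7;x:4312 198.51.100.2:23 in via ed0",
    "Aug 28 10:29:06 gw /kernel: ipfw: 1100 Deny ICMP:8.0 192.0.2.7 198.51.100.2 in via ed0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        event = parse_deny(line)
        # Pass the list to subprocess.run() as an unprivileged user to capture.
        print(tcpdump_argv(event) if event else "skipped: " + line)
```

The `-c` packet limit bounds each capture; a rate limit per source address would still be needed so that a flood of denied packets cannot spawn unbounded captures or alerts.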