From: Tim Priebe
To: freebsd-security@freebsd.org
Cc: Jordi Espasa Clofent
Date: Mon, 21 Jan 2008 12:53:48 +0200
Subject: Re: denyhosts-like app for MySQLd?

On Monday 21 January 2008 12:35:51 pm Jordi Espasa Clofent wrote:
> > Hi,
> >
> > There is a functionality in pf, that allows you to have an application to
> > update a list of hosts, that is used in a rule. You could have a script
> > harvest the addresses from your log files, and then update the table in
> > pf. I have not tried it myself, but was looking at adopting an
> > implementation to create a tarpit for spammers based on this idea.
>
> Yes Tim, I know it. The "problem" is the servers are built in IPFW as
> firewall solution.
> I've tried the "limit" IPFW's option... but isn't exactly what I'm
> looking for.

As far as I know you can run both. You can just have minimal rules in pf to deal with this, and pass everything else, and deal with the rest in ipfw.
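
A sketch of the log-harvesting script suggested in this thread, added here as an example and not part of the original messages. The MySQL "Access denied" log format, the table name `mysql_abusers`, the threshold and the pf.conf lines in the comments are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed minimal pf.conf, leaving everything else to ipfw:
#   table <mysql_abusers> persist
#   block in quick proto tcp from <mysql_abusers> to any port 3306
#   pass all

# The user name is attacker-controlled, so anchor on the end of the line:
# the greedy .* makes the LAST 'user'@'host' pair the one that is captured.
DENIED = re.compile(
    r"Access denied for user '.*'@'([^']*)' \(using password: (?:YES|NO)\)\s*$")

def offenders(lines, threshold=5, whitelist=()):
    """Return sorted source IPs with at least `threshold` denied logins."""
    allowed = [ipaddress.ip_network(n) for n in whitelist]
    hits = Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or junk: never hand it to pfctl
        if any(ip in net for net in allowed):
            continue  # do not lock out your own application servers
        hits[ip] += 1
    return sorted(str(ip) for ip, n in hits.items() if n >= threshold)

def pfctl_argv(table, addrs):
    """argv that adds addrs to a pf table (pass to subprocess.run as root)."""
    return ["pfctl", "-q", "-t", table, "-T", "add", *addrs]

PREFIX = "080121 12:01:01  7 Connect  Access denied for user "
TAIL = " (using password: YES)"
SAMPLE_LOG = [  # constructed log lines, not taken from a real server
    PREFIX + "'root'@'192.0.2.10'" + TAIL,
    PREFIX + "'admin'@'192.0.2.10'" + TAIL,
    # user name crafted to look like another host's failure
    PREFIX + "'x'@'203.0.113.9' (using password: YES)'@'192.0.2.10'" + TAIL,
    PREFIX + "'root'@'198.51.100.7'" + TAIL,
    PREFIX + "'root'@'db.example.net'" + TAIL,
] + [PREFIX + "'app'@'10.0.0.5'" + TAIL] * 3

if __name__ == "__main__":
    bad = offenders(SAMPLE_LOG, threshold=3, whitelist=["10.0.0.0/8"])
    if bad:
        print(" ".join(pfctl_argv("mysql_abusers", bad)))
```

Entries can be aged out of the table later with `pfctl -t mysql_abusers -T expire <seconds>`.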