From: Bakul Shah
To: net@freebsd.org
Date: Thu, 19 Feb 2009 21:59:35 -0800
Subject: A more pliable firewall
Message-Id: <20090220055936.035255B1B@mail.bitblocks.com>
List-Id: Networking and TCP/IP with FreeBSD

I am wondering if there is a more dynamic and scriptable firewall program. The idea is to send it alerts (with sender host address) whenever a DNS probe fails or ssh login fails or smtpd finds it has been fed spam or your website is fed bad URLs. This program will then update the firewall after a certain number of attempts have been made from a host within a given period.

Right now, when I find bad guys blasting packets at me, I add a rule to pf.conf to drop all packets from these hosts, but all this manual editing is getting old and the internet is getting more and more like the Wild West crossed with the Attack of the Zombies.
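
The alert-counting scheme described in the message above, as an added example that is not part of the original post: a sliding-window tracker that returns the `pfctl` command for a host once it crosses the threshold. The table name `badhosts`, the thresholds, the allowlist and the sample alerts are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Assumes pf.conf already contains (the table name "badhosts" is an assumption):
#   table <badhosts> persist
#   block in quick from <badhosts>

class AlertTracker:
    """Sliding window: block a host after max_attempts alerts within period seconds."""

    def __init__(self, max_attempts=3, period=300, table="badhosts",
                 allowlist=("127.0.0.0/8",)):
        self.max_attempts, self.period, self.table = max_attempts, period, table
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.events = defaultdict(deque)   # address -> timestamps of recent alerts
        self.blocked = set()

    def report(self, host, now):
        """Record one alert; return the pfctl argv to run when the host
        crosses the threshold, otherwise None."""
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return None                    # never hand unvalidated text to pfctl
        if addr in self.blocked or any(addr in net for net in self.allow):
            return None                    # already blocked, or must never be blocked
        q = self.events[addr]
        q.append(now)
        while now - q[0] > self.period:    # drop alerts older than the window
            q.popleft()
        if len(q) < self.max_attempts:
            return None
        self.blocked.add(addr)
        del self.events[addr]
        return ["pfctl", "-t", self.table, "-T", "add", str(addr)]

# Constructed sample alerts: (seconds, reporting service, sender address).
SAMPLE_ALERTS = [
    (0, "sshd", "192.0.2.10"), (10, "sshd", "198.51.100.7"),
    (30, "smtpd", "192.0.2.10"), (40, "httpd", "127.0.0.1"),
    (50, "httpd", "127.0.0.1"), (55, "httpd", "127.0.0.1"),
    (60, "httpd", "192.0.2.10"), (70, "sshd", "192.0.2.10"),
    (80, "named", "bogus host"),
    (400, "sshd", "198.51.100.7"), (800, "sshd", "198.51.100.7"),
]

def run_sample():
    tracker = AlertTracker()
    cmds = [tracker.report(host, ts) for ts, _service, host in SAMPLE_ALERTS]
    return [c for c in cmds if c]   # run each with subprocess.run(c, check=True) as root
```

Only 192.0.2.10 is blocked in the sample: 198.51.100.7 spreads its attempts beyond the window, 127.0.0.1 is allowlisted, and the malformed address is rejected before it can reach a command line.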