From owner-freebsd-net@FreeBSD.ORG Fri Feb 20 09:03:24 2009
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CB76B106564A for ; Fri, 20 Feb 2009 09:03:24 +0000 (UTC) (envelope-from artem@aws-net.org.ua)
Received: from alf.aws-net.org.ua (alf.aws-net.org.ua [85.90.196.192]) by mx1.freebsd.org (Postfix) with ESMTP id 24DB98FC14 for ; Fri, 20 Feb 2009 09:03:23 +0000 (UTC) (envelope-from artem@aws-net.org.ua)
Received: from alf.aws-net.org.ua (alf.aws-net.org.ua [192.168.32.61]) by alf.aws-net.org.ua (8.14.3/8.14.3) with ESMTP id n1K8SsJt018789 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 20 Feb 2009 10:28:55 +0200 (EET) (envelope-from artem@aws-net.org.ua)
Date: Fri, 20 Feb 2009 10:28:49 +0200 (EET)
From: Artyom Viklenko
To: Bakul Shah
Cc: net@freebsd.org
Subject: Re: A more pliable firewall
In-Reply-To: <20090220055936.035255B1B@mail.bitblocks.com>
References: <20090220055936.035255B1B@mail.bitblocks.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-BeenThere: freebsd-net@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Fri, 20 Feb 2009 09:03:25 -0000

On Thu, 19 Feb 2009, Bakul Shah wrote:

> I am wondering if there is a more dynamic and scriptable
> firewall program. The idea is to send it alerts (with sender
> host address) whenever a dns probe fails or ssh login fails
> or smtpd finds it has been fed spam or your website is fed
> bad urls. This program will then update the firewall after a
> certain number of attempts have been made from a host within
> a given period.
>
> Right now, when I find bad guys blasting packets at me, I add
> a rule to pf.conf to drop all packets from these hosts but

Actually, you can use tables and add these IPs to tables while leaving
pf.conf untouched. The only thing to resolve is to write some daemon
which will receive notifications and update pf tables. It should not be
so hard to write such a piece of software.

> all this manual editing is getting old and the internet is
> getting more and more like the Wild West crossed with the
> Attack of the Zombies.
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

--
Sincerely yours,
Artyom Viklenko.
-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org
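The daemon the reply sketches, as an added example that is not code from either poster: it reads one alert per line, counts alerts per source host inside a sliding time window, and on the first crossing of a threshold adds the host to a pf table with `pfctl -t <table> -T add`, so pf.conf itself is never edited. The table name `badhosts`, the matching `table <badhosts> persist` / `block in quick from <badhosts>` lines in pf.conf, the alert line format `<unix-time> <source> <ip>`, the threshold and window values, and the sample alerts are all assumptions constructed for this example; a real deployment would feed it from syslog or from the services themselves and would run as a user permitted to call pfctl.

```python
"""pf-table updater: count alerts per host in a sliding window, then block.

Assumed pf.conf fragment (not from the thread):
    table <badhosts> persist
    block in quick from <badhosts>
Alert line format assumed for this example: "<unix-time> <source> <ip>".
"""
import collections
import ipaddress
import subprocess
import sys

TABLE = "badhosts"  # assumed pf table name; must match pf.conf


class HostTracker:
    """Track alert timestamps per host and report threshold crossings.

    record() returns True exactly once per host, the first time the host
    has at least `threshold` alerts inside the last `window_seconds`.
    """

    def __init__(self, threshold=5, window_seconds=600):
        self.threshold = threshold
        self.window = window_seconds
        self._hits = collections.defaultdict(collections.deque)
        self.blocked = set()

    def record(self, ip, now):
        addr = ipaddress.ip_address(ip)  # reject garbage before it reaches pfctl
        hits = self._hits[addr]
        hits.append(now)
        while hits and now - hits[0] > self.window:  # drop hits outside the window
            hits.popleft()
        if len(hits) >= self.threshold and addr not in self.blocked:
            self.blocked.add(addr)
            return True
        return False


def pfctl_add_command(ip, table=TABLE):
    """Build the argv that adds one validated address to the pf table."""
    return ["pfctl", "-t", table, "-T", "add", str(ipaddress.ip_address(ip))]


def parse_alert(line):
    """Parse '<unix-time> <source> <ip>'; return (ts, source, ip) or None."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = float(parts[0])
        ip = str(ipaddress.ip_address(parts[2]))
    except ValueError:
        return None
    return ts, parts[1], ip


def process_alerts(lines, tracker, run=None):
    """Feed alert lines through the tracker; return IPs newly blocked.

    `run(argv)` performs the pfctl call; None means count only (dry run).
    """
    newly_blocked = []
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None:  # malformed input is skipped, never passed to pfctl
            continue
        ts, _source, ip = parsed
        if tracker.record(ip, ts):
            newly_blocked.append(ip)
            if run is not None:
                run(pfctl_add_command(ip))
    return newly_blocked


# Constructed sample alerts (RFC 5737 documentation addresses), not real logs.
SAMPLE_ALERTS = [
    "1000 sshd  192.0.2.10",
    "1030 sshd  192.0.2.10",
    "1060 named 192.0.2.20",
    "1090 sshd  192.0.2.10",   # 3rd hit within 600 s -> blocked
    "1100 httpd 192.0.2.30",
    "this line is malformed and is skipped",
    "1700 sshd  192.0.2.20",   # the 1060 hit has aged out of the window
    "1710 smtpd 192.0.2.20",
    "1720 sshd  192.0.2.20",   # 3 hits within 600 s -> blocked
    "1800 httpd 192.0.2.30",
    "2500 httpd 192.0.2.30",   # never 3 hits inside one window -> not blocked
]


def main():
    dry_run = "--dry-run" in sys.argv
    tracker = HostTracker(threshold=3, window_seconds=600)

    def run(argv):
        if dry_run:
            print("would run:", " ".join(argv))
        else:
            subprocess.run(argv, check=True)

    source = SAMPLE_ALERTS if dry_run else sys.stdin
    for ip in process_alerts(source, tracker, run):
        print("blocked", ip, file=sys.stderr)


if __name__ == "__main__":
    main()
```

Run it with `--dry-run` to see which of the constructed alerts would trigger a block without touching pf; without the flag it reads alerts from stdin and calls pfctl for real. Entries added this way live only in the kernel table, so a periodic `pfctl -t badhosts -T expire <seconds>` can age them out, and the blocked set should be logged so that a mistaken block can be found and removed.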