Date: Fri, 20 Feb 2009 14:30:11 +0100
From: Max Laier <max@love2party.net>
To: freebsd-net@freebsd.org
Cc: Bakul Shah <bakul@bitblocks.com>, Artyom Viklenko <artem@aws-net.org.ua>
Subject: Re: A more pliable firewall
Message-ID: <200902201430.12311.max@love2party.net>
In-Reply-To: <alpine.BSF.2.00.0902201024090.18688@nys.njf-arg.bet.hn>
References: <20090220055936.035255B1B@mail.bitblocks.com> <alpine.BSF.2.00.0902201024090.18688@nys.njf-arg.bet.hn>

On Friday 20 February 2009 09:28:49 Artyom Viklenko wrote:
> On Thu, 19 Feb 2009, Bakul Shah wrote:
> > I am wondering if there is a more dynamic and scriptable
> > firewall program.  The idea is to send it alerts (with sender
> > host address) whenever a dns probe fails or ssh login fails
> > or smtpd finds it has been fed spam or your website is fed
> > bad urls.  This program will then update the firewall after a
> > certain number of attempts have been made from a host within
> > a given period.
> >
> > Right now, when I find bad guys blasting packets at me, I add
> > a rule to pf.conf to drop all packets from these hosts but
>
> Actually, you can use tables and add these IPs to tables
> while leaving pf.conf untouched. The only thing to resolve
> is to write some daemon which will receive notifications and update
> pf tables. It should not be so hard to write such a piece
> of software.

/usr/ports/net-mgmt/pftabled]> cat pkg-descr
The pftabled daemon is a small helper to make your pf tables reachable
from other hosts. You can add/delete/flush IP addresses to/from a remote
table with a single UDP datagram. A simple client program is included to
do this from the command line.

WWW: http://wolfermann.org/pftabled.html

> > all this manual editing is getting old and the internet is
> > getting more and more like the Wild West crossed with the
> > Attack of the Zombies.
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
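
A sketch of the alert-counting daemon discussed in this thread, added here as an example and not code from any of the posters or from pftabled: it counts alerts per host in a sliding window and returns the `pfctl` table command for a host that crosses the threshold. The table name `badhosts`, the threshold, the window and the allowlist are assumptions, and the sample alerts are constructed.

```python
import ipaddress
from collections import defaultdict, deque

class AlertTracker:
    """Block a host after `threshold` alerts inside a sliding `window` (seconds)."""

    def __init__(self, threshold=3, window=600, table="badhosts", allow=("192.0.2.0/24",)):
        self.threshold, self.window, self.table = threshold, window, table
        # Never block trusted ranges: a spoofed source address must not lock us out.
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.events = defaultdict(deque)   # host -> timestamps of recent alerts
        self.blocked = set()

    def alert(self, host, ts):
        """Record one alert; return the pfctl argv if `host` must now be blocked, else None."""
        try:
            ip = ipaddress.ip_address(host)   # alert text is untrusted: IP literals only
        except ValueError:
            return None
        if str(ip) in self.blocked or any(ip in net for net in self.allow):
            return None
        q = self.events[str(ip)]
        q.append(ts)
        while q and q[0] <= ts - self.window:   # drop alerts that fell out of the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        self.blocked.add(str(ip))
        del self.events[str(ip)]
        # argv form, meant for subprocess.run(argv) without a shell; pf.conf needs
        # "table <badhosts> persist" and a block rule that references the table.
        return ["pfctl", "-t", self.table, "-T", "add", str(ip)]

def run(alerts, **kw):
    """Feed (timestamp, host) alerts through a tracker; return the commands produced."""
    tracker = AlertTracker(**kw)
    return [cmd for ts, host in alerts if (cmd := tracker.alert(host, ts))]

# Constructed sample alerts: (unix time, source address as reported by a service)
ALERTS = [
    (1000, "203.0.113.7"), (1100, "203.0.113.7"),
    (1200, "192.0.2.10"), (1210, "192.0.2.10"), (1220, "192.0.2.10"),  # allowlisted
    (1300, "203.0.113.7;echo injected"),                               # not an IP literal
    (1650, "203.0.113.7"),   # alert from t=1000 has expired: only 2 in the window
    (1690, "203.0.113.7"),   # third alert within 600 s: block
]

if __name__ == "__main__":
    for cmd in run(ALERTS):
        print(" ".join(cmd))
```
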