From: Max Laier
Organization: FreeBSD
To: freebsd-net@freebsd.org
Cc: Bakul Shah, Artyom Viklenko
Date: Fri, 20 Feb 2009 14:30:11 +0100
Subject: Re: A more pliable firewall
Message-Id: <200902201430.12311.max@love2party.net>

On Friday 20 February 2009 09:28:49 Artyom Viklenko wrote:
> On Thu, 19 Feb 2009, Bakul Shah wrote:
> > I am wondering if there is a more dynamic and scriptable
> > firewall program.
> > The idea is to send it alerts (with sender
> > host address) whenever a dns probe fails or ssh login fails
> > or smtpd finds it has been fed spam or your website is fed
> > bad urls. This program will then update the firewall after a
> > certain number of attempts have been made from a host within
> > a given period.
> >
> > Right now, when I find bad guys blasting packets at me, I add
> > a rule to pf.conf to drop all packets from these hosts but
>
> Actually, you can use tables and add these IPs to tables
> while leaving pf.conf untouched. The only thing to resolve
> is to write some daemon which will receive notifications and update
> pf tables. It should not be so hard to write such a piece
> of software.

/usr/ports/net-mgmt/pftabled]> cat pkg-descr
The pftabled daemon is a small helper to make your pf tables reachable
from other hosts. You can add/delete/flush IP addresses to/from a remote
table with a single UDP datagram. A simple client program is included to
do this from the command line.

WWW: http://wolfermann.org/pftabled.html

> > all this manual editing is getting old and the internet is
> > getting more and more like the Wild West crossed with the
> > Attack of the Zombies.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
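
The counting step asked for in the thread (block a host after a certain number of alerts within a given period), feeding a pf table as the replies suggest. This is an added example, not part of the original messages and not pftabled's code. The table name `badhosts`, the thresholds, the allowlist and the sample alerts are assumptions made for the illustration.

```python
import ipaddress
import time
from collections import defaultdict, deque

class OffenderTracker:
    """Decide when a source has raised enough alerts to go into a pf table."""

    def __init__(self, threshold=5, window=600, table="badhosts", allowlist=()):
        self.threshold = threshold  # alerts needed before blocking
        self.window = window        # seconds in which they must arrive
        self.table = table          # assumed table name, declared in pf.conf
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.events = defaultdict(deque)
        self.blocked = set()

    def report(self, source, now=None):
        """Record one alert; return a pfctl argv once the threshold is crossed."""
        now = time.time() if now is None else now
        try:
            ip = ipaddress.ip_address(source.strip())
        except ValueError:
            return None  # alert text that is not an address never reaches pfctl
        if ip in self.blocked or any(ip in net for net in self.allow):
            return None  # already blocked, or one of our own networks
        times = self.events[ip]
        times.append(now)
        while now - times[0] > self.window:
            times.popleft()  # forget alerts older than the window
        if len(times) < self.threshold:
            return None
        self.blocked.add(ip)
        del self.events[ip]
        return ["pfctl", "-t", self.table, "-T", "add", str(ip)]

# Constructed sample alerts: (seconds, source address as reported by a service).
SAMPLE_ALERTS = [
    (0, "203.0.113.7"), (5, "198.51.100.9"), (10, "203.0.113.7"),
    (12, "10.0.0.5"), (13, "10.0.0.5"), (14, "10.0.0.5"),
    (20, "203.0.113.7"), (25, "203.0.113.7"), (30, "bogus; text"),
    (100, "198.51.100.9"), (200, "198.51.100.9"),
]

def replay(alerts, **settings):
    """Feed alerts to a fresh tracker and collect the commands it would run."""
    tracker = OffenderTracker(**settings)
    commands = [tracker.report(src, now=ts) for ts, src in alerts]
    return [c for c in commands if c is not None]

if __name__ == "__main__":
    for argv in replay(SAMPLE_ALERTS, threshold=3, window=60,
                       allowlist=["10.0.0.0/8"]):
        print(" ".join(argv))  # a daemon would pass argv to subprocess.run as root
```

For the emitted command to have any effect, pf.conf needs the table declared and referenced once, for instance `table <badhosts> persist` with a `block in quick from <badhosts>` rule. The allowlist keeps a burst of failed logins from your own network from locking you out.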