From: Artyom Viklenko
Organization: Arto&Co.
To: Max Laier
Cc: Bakul Shah, freebsd-net@freebsd.org
Date: Fri, 20 Feb 2009 22:07:29 +0200
Subject: Re: A more pliable firewall

On Friday 20 February 2009 15:30:11 Max Laier wrote:
> On Friday 20 February 2009 09:28:49 Artyom Viklenko wrote:
> > On Thu, 19 Feb 2009, Bakul Shah wrote:
> > > I am wondering if there is a more dynamic and scriptable
> > > firewall program. The idea is to send it alerts (with sender
> > > host address) whenever a dns probe fails or ssh login fails
> > > or smtpd finds it has been fed spam or your website is fed
> > > bad urls. This program will then update the firewall after a
> > > certain number of attempts have been made from a host within
> > > a given period.
> > >
> > > Right now, when I find bad guys blasting packets at me, I add
> > > a rule to pf.conf to drop all packets from these hosts but
> >
> > Actually, you can use tables and add these IPs to tables
> > while leaving pf.conf untouched. The only thing to resolve
> > is to write some daemon which will receive notifications and update
> > pf tables. It should not be so hard to write such a piece
> > of software.
>
> /usr/ports/net-mgmt/pftabled]> cat pkg-descr
> The pftabled daemon is a small helper to make your pf
> tables reachable from other hosts. You can add/delete/flush
> IP addresses to/from a remote table with a single UDP
> datagram. A simple client program is included to do this
> from the command line.
>
> WWW: http://wolfermann.org/pftabled.html
>

Wonderful! Thanks a lot! :)

> > > all this manual editing is getting old and the internet is
> > > getting more and more like the Wild West crossed with the
> > > Attack of the Zombies.

-- 
Sincerely yours,
Artyom Viklenko.
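
The alert-counting logic discussed in this thread, as an added example (not code from any poster and not part of pftabled): it counts alerts per source address in a sliding window and, once the threshold is reached, returns the `pfctl` command that adds the host to a pf table. The table name `badhosts`, the thresholds, the allowlist and the sample alerts are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque


class Blocker:
    """Block a host after `limit` alerts inside a `window`-second sliding window."""

    def __init__(self, limit=3, window=60, table="badhosts", allow=("127.0.0.0/8",)):
        self.limit, self.window, self.table = limit, window, table
        self.allow = [ipaddress.ip_network(n) for n in allow]  # never block these
        self.events = defaultdict(deque)  # address -> timestamps of recent alerts
        self.blocked = set()

    def report(self, raw_ip, ts):
        """Record one alert; return the pfctl argv to run, or None."""
        try:
            ip = ipaddress.ip_address(raw_ip.strip())
        except ValueError:
            return None  # alert text is untrusted: only parsed addresses reach pfctl
        if ip in self.blocked or any(ip in net for net in self.allow):
            return None
        q = self.events[ip]
        q.append(ts)
        while ts - q[0] > self.window:  # drop alerts older than the window
            q.popleft()
        if len(q) < self.limit:
            return None
        self.blocked.add(ip)
        del self.events[ip]
        # argv list, so no shell is involved when this is passed to subprocess.run()
        return ["pfctl", "-t", self.table, "-T", "add", str(ip)]


# Constructed sample alerts: (unix time, reporting service, source address).
SAMPLE = [
    (100, "sshd", "203.0.113.9"),
    (110, "smtpd", "203.0.113.9"),
    (115, "sshd", "198.51.100.7"),
    (130, "httpd", "203.0.113.9"),      # third alert within 60 s: block
    (140, "sshd", "203.0.113.9; x"),    # malformed address: ignored
    (200, "sshd", "198.51.100.7"),      # alert at t=115 has aged out
    (210, "named", "127.0.0.1"),        # allowlisted: never blocked
]


def commands_for(alerts, **kw):
    """Feed alerts to a fresh Blocker and collect the pfctl commands it emits."""
    b = Blocker(**kw)
    return [cmd for ts, _svc, ip in alerts if (cmd := b.report(ip, ts))]
```

For the emitted command to have any effect, pf.conf needs a persistent table and a rule that references it, for example `table <badhosts> persist` and `block in quick from <badhosts>`. Alerts derived from UDP traffic such as DNS probes can carry spoofed source addresses, so the allowlist should cover every host you cannot afford to lock out.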