Alert!!

Dale Sykora dalen at czexan.net
Thu Sep 16 02:58:53 UTC 2004


Kenneth Porter wrote:
> Right. The iptables limit module is good for throttling iptables 
> logging, but what we need is something to block application (Apache, 
> sendmail) logging by dynamically firewalling misbehaved clients (eg. 
> zombies).
Yes!  That is more generically the functionality I am looking for. 
Perhaps this could easily be done in a few Perl (one of the few 
languages I have experience with :( ) scripts.

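#naive programming below

#insert deny rule
use strict;
use warnings;

# pipe log file to $_ (read the log on STDIN)
while (<STDIN>) {
	if( /some daemon/ ) {
		if( /some alert/ ) {
			# placeholder pattern for the source IP; skip lines without one
			next unless /SIP filter string/;
			my $sip = $&;
			open(my $rules, '>>', 'etc/iptables-config-file') or die "cannot open rules file: $!";
			print $rules "deny all from $sip rule\n";
			close($rules);
			open(my $stamps, '>>', 'someotherlogfile') or die "cannot open timestamp log: $!";
			print $stamps "timestamp for $sip rule\n";
			close($stamps);
			system("service iptables restart");
		}
	}
}

#expire deny rule
# cron job to remove expired deny rules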
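
Added example (not part of the original post, and not code from any project): a Python sketch of the log-driven blocking described above, with a hit threshold, validation of the address taken from the log line before it is used in a firewall rule, and the expiry step. The log line shape, the policy values, the allowlist and the Blocker class are assumptions; rules are returned as iptables argument lists instead of being executed.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Assumed, constructed log shape: "<daemon>[pid]: <alert text> from <address>"
ALERT = re.compile(
    r"^(?:sendmail|httpd)\[\d+\]: "
    r"(?:rejecting connections|Invalid method in request) from (\S+)$")
THRESHOLD, WINDOW, BAN_SECONDS = 3, 60, 600   # assumed policy values
ALLOWLIST = {ipaddress.IPv4Address("127.0.0.1")}  # addresses that are never banned

class Blocker:
    def __init__(self):
        self.hits = defaultdict(deque)   # ip -> timestamps of recent alerts
        self.bans = {}                   # ip -> time at which the ban expires

    def observe(self, line, now):
        """Return the iptables argv that adds a ban, or None if no ban is due."""
        m = ALERT.match(line.strip())
        if not m:
            return None
        try:
            # Log text is client-influenced: accept only a well-formed address.
            ip = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            return None
        if ip in ALLOWLIST or ip in self.bans:
            return None
        q = self.hits[ip]
        q.append(now)
        while q and now - q[0] > WINDOW:   # forget alerts outside the window
            q.popleft()
        if len(q) < THRESHOLD:
            return None
        del self.hits[ip]
        self.bans[ip] = now + BAN_SECONDS
        return ["iptables", "-I", "INPUT", "-s", str(ip), "-j", "DROP"]

    def expire(self, now):
        """Return the argv lists that remove bans whose time is up."""
        done = sorted(ip for ip, t in self.bans.items() if t <= now)
        for ip in done:
            del self.bans[ip]
        return [["iptables", "-D", "INPUT", "-s", str(ip), "-j", "DROP"] for ip in done]

if __name__ == "__main__":
    b = Blocker()
    for t in (0, 10, 20):   # constructed sample line, repeated three times
        print(b.observe("sendmail[1234]: rejecting connections from 192.0.2.10", t))
    print(b.expire(700))
```

Adding and deleting single rules this way avoids restarting the whole firewall for each offender; expire() is the part a cron job would call.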




