Dynamic firewall (was: Alert!!)
Kenneth Porter
shiva at sewingwitch.com
Thu Sep 16 03:10:23 UTC 2004
--On Wednesday, September 15, 2004 9:58 PM -0500 Dale Sykora
<dalen at czexan.net> wrote:
> echo "deny all from $sip rule" >> etc/iptables-config-file;
> echo "timestamp for $sip rule" >> someotherlogfile;
> system("service iptables restart");
For that kind of situation, create a new chain in your boot-time iptables
configuration (/etc/sysconfig/iptables) and add/delete to just that chain.
# create new chain
iptables -N badchild
# always run packets through this chain (could have a filter expression here)
iptables -A INPUT -j badchild
Later, in your Perl script:
# list form: $sip is passed straight to iptables, never through a shell
system("iptables", "-A", "badchild", "-s", $sip, "-j", "DROP_badchild");
(I assume DROP_badchild does a LOG and then DROP. Use the rate-limiter
here.)
To remove a rule, you could grep for the source IP in the chain, something
like this:
iptables -L badchild -n --line-numbers | grep $sip | awk '{ print $1; }'
and then run "iptables -D badchild $index" against the resulting index
list. (Perl experts should be able to turn the above into a Perl one-liner.)
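The removal step described above, as an added shell example that is not part of the original post: it assumes the badchild chain layout from this thread, matches the source column exactly, and deletes matching rule numbers highest first because iptables renumbers the chain after each deletion. The chain listing is constructed so the script runs without root or iptables.

```shell
#!/bin/sh
# Added example: remove every rule for one source address from the
# "badchild" chain.  Rule numbers shift after each deletion, so the
# matching numbers are deleted from the highest down.

# Constructed sample of `iptables -L badchild -n --line-numbers` output.
SAMPLE_LISTING='Chain badchild (1 references)
num  target         prot opt source               destination
1    DROP_badchild  all  --  10.0.0.1             0.0.0.0/0
2    DROP_badchild  all  --  10.0.0.10            0.0.0.0/0
3    DROP_badchild  all  --  10.0.0.1             0.0.0.0/0
4    RETURN         all  --  0.0.0.0/0            0.0.0.0/0'

# rule_numbers LISTING IP -> rule numbers whose source column equals IP
# exactly, highest first.  An exact field match avoids a plain grep for
# 10.0.0.1 also matching 10.0.0.10.
rule_numbers() {
    printf '%s\n' "$1" |
        awk -v ip="$2" '$1 ~ /^[0-9]+$/ && $5 == ip { print $1 }' |
        sort -rn
}

# delete_commands LISTING IP -> the iptables -D commands, one per line,
# in the order they must run so earlier deletions do not renumber later ones.
delete_commands() {
    rule_numbers "$1" "$2" | awk '{ print "iptables -D badchild " $1 }'
}

# unban IP: apply the commands to the live chain (needs root and iptables).
# The address only reaches awk as a comparison value, never a shell string.
unban() {
    listing=$(iptables -L badchild -n --line-numbers) || return 1
    delete_commands "$listing" "$1" | sh
}

# Demonstration on the constructed listing: prints the two -D commands,
# rule 3 before rule 1.
delete_commands "$SAMPLE_LISTING" 10.0.0.1
```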