On 03.03.2015 at 22:31, Oliver Welter wrote:
I did a quick hack for exactly this purpose - send offending IPs from my
mail server to the firewall "in a secure way". It's a python script that
uses the fail2ban syntax on the one end and feeds a (patched) pfSense on
the other end. You can find the scripts on github:
https://github.com/oliwel/fail2sense - be warned, it's a first draft -
but it does the job here... For the unblock feature you need this patch
against pfsense https://github.com/pfsense/pfsense/pull/1444/

the problem is the "in a secure way"

that's not really possible when you mangle firewall rules which implies root permissions - as an RBL request is just a DNS request which doesn't need *any* permissions on the machine which does the request

the other problem is mangling firewall rules in context of existing infrastructures is error prone - you may interfere with existing rulesets - it's a bad idea to start with
