Jordi Espasa Clofent wrote:
Hi,
There is a functionality in pf, that allows you to have an application
to update a list of hosts, that is used in a rule. You could have a
script harvest the addresses from your log files, and then update the
table in pf. I have not tried it myself, but was looking at adopting
an implementation to create a tarpit for spammers based on this idea.
Yes Tim, I know it. The "problem" is that the servers are built with IPFW as
the firewall solution.
I've tried IPFW's "limit" option... but it isn't exactly what I'm
looking for.
Have a look at swatch in the ports, and build some rules that add
blocking rules to the beginning of your firewall rule set.
I've got servers running with > 3500 rules ;), and the box doesn't even
notice it.
(you can even/easily do things in perl embedded in the rules.)
The best suggestion is of course to only let in those you want to let
in. Block others by default.
I'm using the above scenario on public mailservers, with harvesting from
the postgrey output. And from the ssh log output.
--WjW
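The harvesting described above (failed logins in the sshd log turned into IPFW deny rules placed ahead of the rule set), written out as an added example; this is not code from the thread. The log lines are constructed sample input, and the failure threshold, rule numbers and the choice to print rather than run the ipfw commands are assumptions.

```shell
#!/bin/sh
# Added example: derive ipfw block rules from sshd "Failed password" lines.
# Constructed sample log (not real hosts); RFC 5737 documentation addresses.
SAMPLE_LOG='Mar  3 10:01:02 mx sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:05 mx sshd[1203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:01:09 mx sshd[1205]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar  3 10:02:11 mx sshd[1210]: Failed password for jordi from 198.51.100.20 port 40001 ssh2
Mar  3 10:02:30 mx sshd[1212]: Accepted publickey for jordi from 198.51.100.20 port 40002 ssh2'

# offenders THRESHOLD: read log lines on stdin, print "ip count" for every
# source address with at least THRESHOLD failed password attempts.
offenders() {
    threshold="$1"
    awk -v min="$threshold" '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }'
}

# block_rules THRESHOLD BASE: emit one "ipfw add" deny rule per offender,
# numbered from BASE upward so the blocks sit at the head of the rule set,
# ahead of any allow rules.  The commands are printed for review, not run;
# a swatch action or cron job would pipe them into sh once trusted.
block_rules() {
    threshold="$1"; base="$2"
    offenders "$threshold" | sort | awk -v base="$base" '
        { printf "ipfw add %d deny ip from %s to any // %d failed logins\n",
                 base + NR - 1, $1, $2 }'
}

# Block anything with 3 or more failures, starting at rule number 100.
printf '%s\n' "$SAMPLE_LOG" | block_rules 3 100
```

Addresses blocked this way should expire or be reviewed periodically, since a shared NAT address or a mistyped password from a legitimate user will otherwise stay blocked.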
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"