Hello ALL,
How do I reject a specific IP?
I have seen this question various times.

Myself, I had a problem with my log files filling up
with rejections on ports 111, 515, 444, and others and
wondered the same thing.

So, to solve the problem, I wrote some scripts that 
work to automatically parse the /var/log/messages 
file and pick out offending IP addresses and the 
ports that were affected.

It then creates a firewall rule that blocks the offending
IP address and the specific port so I get a DENY without
logging rule.

It regulates itself, removes duplicate IP addresses, and
purges itself from a cron job every 1st of the month to
make sure I do not have stagnant addresses.

I run the script from a cron job every 30 min. Since I have
been running the scripts my log files have become sane again :-)

MAWK and SED need to be on your system for this to work.
I am running 2.2.16 Eiger, they should run on any system.

Since then I have also created a dynamic listing to my weblet
page. One of my scripts dynamically builds the list and each
offending address is listed as a hyperlink so I can do a 'who is'
look up if I wish.

Finally, I took it one step further. I created a dynamic graphing
script that will build a graph 'on the fly' to my weblet page to let
me see how many and to what port.

Now what do I do with them???

These scripts are something I wish to share with everyone and
you can get a copy at www.vette66.com. 

Enjoy,
vette66 (chuck)



_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
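
An added sketch of the log-to-rule step the post describes; it is not the poster's scripts. It assumes the ipchains "Packet log:" line format and ipchains rule syntax (the post states only the 2.2.16 kernel), and `gen_rules`, `sample_log` and the `NEVER_BLOCK` allowlist are hypothetical names. It prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not the author's scripts. Assumes ipchains-format kernel
# log lines; every address and log line here is constructed.
NEVER_BLOCK="192.0.2.1 192.0.2.10"   # assumed allowlist: never block these

# gen_rules: syslog text on stdin, one ipchains command per unique
# (source IP, protocol, destination port) logged as DENY on stdout.
gen_rules() {
    awk -v keep="$NEVER_BLOCK" '
    BEGIN {
        n = split(keep, k, " ")
        for (i = 1; i <= n; i++) safe[k[i]] = 1
        proto["6"] = "tcp"; proto["17"] = "udp"
    }
    /Packet log: input DENY/ {
        # Find PROTO=; "src:sport" and "dst:dport" are the next two fields.
        for (i = 1; i <= NF; i++) if ($i ~ /^PROTO=[0-9]+$/) break
        if (i + 2 > NF) next
        p = substr($i, 7)
        if (!(p in proto)) next          # only TCP/UDP carry ports
        if (split($(i + 1), src, ":") != 2) next
        if (split($(i + 2), dst, ":") != 2) next
        # Validate strictly: anything written to syslog is untrusted input.
        if (src[1] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(src[1], o, ".")
        for (j = 1; j <= 4; j++) if (o[j] + 0 > 255) next
        if (dst[2] !~ /^[0-9]+$/ || dst[2] + 0 > 65535) next
        if (src[1] in safe) next
        if (seen[src[1] " " p " " dst[2]]++) next   # skip duplicates
        # No -l flag on the rule, so matching packets are denied unlogged.
        printf "ipchains -I input -p %s -s %s -d 0/0 %s -j DENY\n", proto[p], src[1], dst[2]
    }'
}

# Constructed sample: duplicate, allowlisted, ICMP and malformed entries.
sample_log() {
    cat <<'EOF'
Mar 12 10:15:01 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4022 192.0.2.1:111 L=60 S=0x00 I=5120 F=0x4000 T=52 SYN (#12)
Mar 12 10:15:04 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4023 192.0.2.1:111 L=60 S=0x00 I=5121 F=0x4000 T=52 SYN (#12)
Mar 12 10:16:30 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.9:3310 192.0.2.1:515 L=60 S=0x00 I=771 F=0x4000 T=49 SYN (#12)
Mar 12 10:17:02 fw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.7:901 192.0.2.1:111 L=84 S=0x00 I=5200 F=0x0000 T=52 (#12)
Mar 12 10:18:11 fw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:1055 192.0.2.1:444 L=60 S=0x00 I=90 F=0x4000 T=64 SYN (#12)
Mar 12 10:19:45 fw kernel: Packet log: input DENY eth0 PROTO=1 203.0.113.7:8 192.0.2.1:0 L=84 S=0x00 I=5300 F=0x0000 T=52 (#12)
Mar 12 10:20:00 fw kernel: Packet log: input DENY eth0 PROTO=6 999.1.1.1:80 192.0.2.1:111 L=60 S=0x00 I=1 F=0x4000 T=52 SYN (#12)
EOF
}

sample_log | gen_rules
```

Because source addresses in denied packets can be forged, the allowlist keeps an automatically generated rule from cutting off hosts the firewall depends on.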