Sorry. I was not lucid enough. I wanted to know if there wa an interface for shorewall to execute a deny rule based on port scans without user input. Dynamic blacklisting as I understand here is input by the user. Am I right? Portsentry has settings where by portsentry automatically creates a drop target chain for a specific IP from which it has detected a portscan.
Mohan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Eastep Sent: Friday, August 02, 2002 6:46 PM To: S Mohan Cc: [EMAIL PROTECTED] Subject: RE: [leaf-user] descan On Fri, 2 Aug 2002, S Mohan wrote: > I think shorewall allows to log packets coming to various ports. Can > we allow for a rule to be defined dynamically blocking the source IP > of the packet in case the port being opened/ queried is not allowed by > the host owner. This is what portsentry does. Portsentry creates a > iptables/ ipchains rule dynamically blocking such source Ips assuming > these are results of port scans or hacking activity. In addition, he > includes these IPs in host.deny file. Can we do the same in shorewall? > See http://www.shorewall.net/blacklisting_support.htm. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ [EMAIL PROTECTED] ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
