On Sun, Jan 13, 2019 at 08:04:32PM +0100, Radek wrote:
> Hi,
>
> I would gladly play with your script. Would you please share it @misc. Maybe
> our community could develop it further...
>
> On Sun, 13 Jan 2019 12:43:15 -0600
> ed...@pettijohn-web.com wrote:
>
> > On Fri, Jan 11, 2019 at 09:30:38AM +1100, Aaron Mason wrote:
> > > I knew it wouldn't trigger on the first attempt, but I had a sneaking
> > > suspicion that you'd need something to listen on that port. Is there
> > > a way to achieve what we seek, in that case, without userland tools?
> > >
> > > On Thu, Jan 10, 2019 at 9:18 PM Stuart Henderson <s...@spacehopper.org>
> > > wrote:
> > > >
> > > > On 2019-01-09, Aaron Mason <simplersolut...@gmail.com> wrote:
> > > > > Hi Jordan
> > > > >
> > > > > I've set it up to try it, but I'm not having much luck. Even when I
> > > > > trigger more than one, it still doesn't populate the bad_hosts table,
> > > > > even again when I extend the rate period to 86400 seconds. I've added
> > > > > logging so I know the rule is triggering. See below.
> > > >
> > > > max-src-conn-rate is only triggered when a TCP connection is
> > > > established, you need to have something listening (and it will only
> > > > trigger on the *second* connection).
> > > >
> > >
> > > --
> > > Aaron Mason - Programmer, open source addict
> > > I've taken my software vows - for beta or for worse
> > >
> >
> > I wrote a little daemon to do what we're looking for. It listens on
> > specified ports, accepts the connection and executes a script so you can
> > either use something like logger or pfctl, etc to do what you want with
> > the address it connected from. If anyone wants to play with it let me
> > know and I'll send you the tarball.
> >
> > Edgar
> >
>
> --
> radek

It can be obtained at http://www.pettijohn-web.com/void-1.0.0.tar.gz

The manual isn't quite complete. The supplied script could really use
some help as well as an rc script. The makefile is also cobbled together.

It is pledged and unveiled. I think it can have a few of the pledges
removed, but I haven't gotten that far. I think it is unveiled correctly,
but this was my first time playing with it.

The only requirement is libevent2 to aid in portability, which was the
driving force behind executing a script so that it could tie into
whatever packet filter is in use.

Any constructive suggestions and patches are more than welcome.

Enjoy.

Edgar
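
The accept-then-run-a-script pattern described in the message above, as an added sketch that is not part of the original post and is not taken from the void tarball: the functions `listen_loopback`, `accept_peer` and `run_hook`, the decoy port 2222 and the `/bin/echo` hook are all assumptions made here for illustration. It uses plain blocking sockets rather than libevent, and passes the peer address to the hook as an argv element through `execv()` so that no shell ever parses it.

```c
/* Added sketch, not the void-1.0.0 source; all names are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Listen on 127.0.0.1:port (loopback keeps the demo local); returns fd or -1. */
int listen_loopback(in_port_t port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(fd, 16) < 0)
        return -1;
    return fd;
}

/* Take one established connection, record the peer as text, then close it. */
int accept_peer(int lfd, char *addr, socklen_t addrlen) {
    struct sockaddr_in peer;
    socklen_t len = sizeof(peer);
    int c = accept(lfd, (struct sockaddr *)&peer, &len);
    if (c < 0) return -1;
    close(c);
    return inet_ntop(AF_INET, &peer.sin_addr, addr, addrlen) ? 0 : -1;
}

/* Run hook with the peer as argv[1]; execv(), not system(): no shell parsing. */
int run_hook(const char *hook, const char *addr) {
    char *argv[] = { (char *)hook, (char *)addr, NULL };
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(hook, argv);
        _exit(127); /* hook missing or not executable */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) { /* demo: decoy port 2222 and /bin/echo are placeholders */
    char addr[INET_ADDRSTRLEN];
    int lfd = listen_loopback(2222);
    while (lfd >= 0 && accept_peer(lfd, addr, sizeof(addr)) == 0)
        run_hook("/bin/echo", addr);
    return lfd < 0;
}
```

A real hook would be a script that logs the address or adds it to a packet-filter table, as the message describes; the sketch omits the pledge and unveil calls the post mentions.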