I am attempting to do something along these lines using a python+pcap sniffer to watch for certain traffic, and use DFD (specifically dfd_keeper) to make the changes to the firewall. It will also be able to tear down the connection when it sees it close (or after a timeout - rules can be made with specified lifetimes):

http://www.lightconsulting.com/~travis/dfd/dfd_keeper/

Check it out; I'd like to get some people using it and helping me make it better.

Once I finish the sniffer, it'll be able to do SPA (single packet authentication), blocking of malicious hosts, FTP, peer-to-peer stuff, streaming multimedia protocols, port scan detection, etc.* Much of the framework is there; it just needs a sniffer program to exploit it. There might be some delay or packet loss, but I suspect these problems will be manageable on modern machines.

[*] There will also be a cutting-edge DoS/DDoS mitigation technique, if everything works the way I think it will.

-- 
http://www.lightconsulting.com/~travis/ -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
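The mechanism the post describes, a sniffer that opens a firewall rule with a lifetime when it sees a connection start and tears it down on close or on timeout, modelled as an added example. This is not dfd_keeper's code or API; the `RuleKeeper`, `FakeClock` and packet-dict shape are assumptions made here so the logic runs offline without pcap, and the firewall actions are recorded in a list instead of being applied.

```python
"""Hypothetical model of a sniffer-driven firewall rule keeper.
Assumption: this is not dfd_keeper's real API. Rules carry an optional
lifetime; a connection close (FIN/RST) or an expired lifetime tears the
rule down again."""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Key = Tuple[str, str, int]  # (source IP, destination IP, destination port)


@dataclass
class Rule:
    key: Key
    expires_at: Optional[float]  # None means the rule has no lifetime


class RuleKeeper:
    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self.clock = clock
        self.rules: Dict[Key, Rule] = {}
        # Actions a real keeper would push to the firewall; recorded here so
        # the behaviour can be inspected without touching a packet filter.
        self.actions: List[Tuple] = []

    def allow(self, key: Key, lifetime: Optional[float] = None) -> None:
        expires = None if lifetime is None else self.clock() + lifetime
        self.rules[key] = Rule(key, expires)
        self.actions.append(("allow", key))

    def deny(self, key: Key, reason: str) -> bool:
        if self.rules.pop(key, None) is None:
            return False  # nothing to tear down; a duplicate FIN/RST is harmless
        self.actions.append(("deny", key, reason))
        return True

    def expire(self) -> int:
        """Sweep rules whose lifetime has run out; returns how many were removed."""
        now = self.clock()
        stale = [k for k, r in self.rules.items()
                 if r.expires_at is not None and r.expires_at <= now]
        for key in stale:
            self.deny(key, "timeout")
        return len(stale)

    def handle_packet(self, pkt: dict, lifetime: float) -> None:
        """Decide from the TCP flags whether to open or close a rule.
        pkt is a constructed dict: src, dst, dport, flags (e.g. "S", "FA")."""
        key = (pkt["src"], pkt["dst"], pkt["dport"])
        flags = pkt["flags"]
        if "S" in flags and "A" not in flags:   # bare SYN: new connection
            self.allow(key, lifetime)
        elif "F" in flags or "R" in flags:      # FIN or RST: connection closing
            self.deny(key, "close")
        # SYN/ACK and plain data packets leave the rule table untouched


class FakeClock:
    """Deterministic clock so lifetimes can be tested without sleeping."""
    def __init__(self, now: float = 0.0) -> None:
        self.now = now

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def run_demo() -> List[Tuple]:
    """Replay a constructed packet sequence (RFC 5737 documentation
    addresses) through the keeper and return the recorded actions."""
    clock = FakeClock()
    keeper = RuleKeeper(clock)
    lifetime = 30.0
    server = "198.51.100.5"
    keeper.handle_packet({"src": "192.0.2.10", "dst": server, "dport": 21, "flags": "S"}, lifetime)
    keeper.handle_packet({"src": "192.0.2.11", "dst": server, "dport": 21, "flags": "S"}, lifetime)
    clock.advance(5)
    keeper.expire()  # nothing is stale yet
    # first client closes cleanly: rule torn down on the FIN
    keeper.handle_packet({"src": "192.0.2.10", "dst": server, "dport": 21, "flags": "FA"}, lifetime)
    clock.advance(30)
    keeper.expire()  # second client never closed: its rule times out
    return keeper.actions


if __name__ == "__main__":
    for action in run_demo():
        print(action)
```

The two teardown paths are deliberately separate: `handle_packet` reacts to what the sniffer sees, while `expire` is the safety net a real keeper would run periodically so that a missed FIN or a dropped capture does not leave a hole open indefinitely.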