On Wednesday 21 September 2011 14:06:08 Mauricio López wrote:
> I'm thinking about making a script using awk and pftop output to watch
> for states that have more than 1Mb of traffic (regular DNS queries
> aren't that big) and put those hosts in a table for blocking. My
> question is whether there is some other more efficient solution for this
> problem.
> Thanks in advance
Hi Mauricio,
I don't know if this will help you, but this is a script I made years ago
that I use on my machines. I call the script using cron once a day and let
IPFW do the filtering for me.
HTH
Peg
#!/bin/sh
# Automatically fetch the Spamhaus zone ban list
cd /root || exit 1
/usr/bin/fetch http://www.spamhaus.org/drop/drop.lasso || exit 1
# Let's drop all of set 11 from the firewall
/sbin/ipfw delete set 11
# Starting rule number
Counter=1000
# Let's parse the file and cut out the piece we want:
# skip the ';' comment lines and keep the network in front of the ';'
for i in `grep -v '^;' drop.lasso | cut -d ';' -f 1`
do
    echo "Adding rule for: $i"
    Counter=`expr $Counter + 1`
    # Let's add the rule into set 11
    /sbin/ipfw add $Counter set 11 deny ip from $i to any
    Counter=`expr $Counter + 1`
    /sbin/ipfw add $Counter set 11 deny ip from any to $i
done
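
The script above passes whatever the download contains straight to ipfw as root. The following is an added example, not part of Peg's script: a dry-run variant that accepts only well-formed IPv4 CIDR entries and refuses to emit the set 11 flush when nothing valid was parsed. The function names are hypothetical, and the sample list and SBL references are constructed.

```shell
#!/bin/sh
# Succeed only if $1 is a well-formed IPv4 network in CIDR notation.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*|*./*|*..*|.*) return 1 ;;  # stray chars, empty parts
        */*) ;; *) return 1 ;;                      # a prefix length is required
    esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ""|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read "CIDR ; SBLref" lines on stdin; print valid networks, log the rest.
parse_drop() {
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%;*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if valid_cidr "$entry"; then printf '%s\n' "$entry"
        else printf 'rejected: %s\n' "$line" >&2
        fi
    done
}

# Print the rule commands (dry run, nothing is executed); fail without
# output if nothing valid was parsed, so a bad download never flushes set 11.
emit_rules() {
    nets=$(parse_drop)
    [ -n "$nets" ] || return 1
    echo "/sbin/ipfw delete set 11"
    counter=1000
    for net in $nets; do
        counter=$((counter + 1))
        echo "/sbin/ipfw add $counter set 11 deny ip from $net to any"
        counter=$((counter + 1))
        echo "/sbin/ipfw add $counter set 11 deny ip from any to $net"
    done
}

# Constructed sample input (documentation range, made-up SBL references).
sample_drop() {
    printf '%s\n' '; comment line' '192.0.2.0/24 ; SBL000001' \
        '300.0.2.0/24 ; SBL000002' 'any to any ; SBL000003'
}
sample_drop | emit_rules
```

Piping the real downloaded file into `emit_rules` and reviewing the printed commands before running them keeps the validation step separate from the firewall change.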
___
freebsd-questions@freebsd.org mailing list