Dynamic firewall (was: Alert!!)

--On Wednesday, September 15, 2004 9:58 PM -0500 Dale Sykora <dalen@xxxxxxxxxx> wrote:

		echo "deny all from $sip rule" >> etc/iptables-config-file;
		echo "timestamp for $sip rule" >> someotherlogfile;
		system("service iptables restart");

For that kind of situation, create a new chain in your boot-time iptables configuration (/etc/sysconfig/iptables) and add/delete to just that chain.


# create new chain
iptables -N badchild
# always run packets through this chain (could have a filter expression here)
iptables -A INPUT -j badchild


Later, in your Perl script:

system("iptables -A badchild -s $sip -j DROP_badchild");

(I assume DROP_badchild does a LOG and then DROP. Use the rate-limiter here.)

To remove a rule, you could grep for the source IP in the chain, something like this:

iptables -L badchild -n --line-numbers | grep -w "$sip" | awk '{ print $1; }'

and then run "iptables -D badchild $index" against the resulting index list. (Perl experts should be able to turn the above into a Perl one-liner.)
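The add/remove procedure above, written out as shell functions (an added example, not code from the original post). It assumes the badchild chain already exists and is jumped to from INPUT as shown earlier; the target defaults to DROP, so point TARGET at a LOG+DROP chain like DROP_badchild if you have one. The listing used for the demonstration is a constructed sample, and the removal step emits the delete commands highest rule number first, because every `iptables -D` renumbers the rules below it.

```shell
#!/bin/sh
# Added example: manage per-IP DROP rules in a dedicated chain.
# Assumes: chain "badchild" exists and INPUT jumps to it (see the message above).
CHAIN=badchild
TARGET=${TARGET:-DROP}   # e.g. TARGET=DROP_badchild for a LOG-then-DROP chain

# Run a command, or just print it when DRY_RUN is set (no root needed to test).
run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# Append one rule for a source address. The address is passed as a separate
# argument, never spliced into a shell string, so odd input cannot alter the command.
block_ip() {
    run iptables -A "$CHAIN" -s "$1" -j "$TARGET"
}

# Print the rule numbers whose source column equals $1, highest first.
# Reads the output of "iptables -L $CHAIN -n --line-numbers" on stdin.
# -n matters: without it iptables prints hostnames and a dotted IP never matches.
rule_numbers_for() {
    # Listing columns: num target prot opt source destination
    awk -v ip="$1" '$1 ~ /^[0-9]+$/ && $5 == ip { print $1 }' | sort -rn
}

# Emit the delete commands for every rule matching $1, highest number first,
# so earlier deletions do not shift the numbers still to be deleted.
# Usage: iptables -L badchild -n --line-numbers | unblock_commands "$sip" | sh
unblock_commands() {
    rule_numbers_for "$1" | while read -r n; do
        echo "iptables -D $CHAIN $n"
    done
}

# Constructed sample listing (documentation addresses), as "iptables -L badchild -n
# --line-numbers" would print it after 192.0.2.7 was added twice.
SAMPLE_LISTING='Chain badchild (1 references)
num  target     prot opt source               destination
1    DROP       all  --  192.0.2.7            0.0.0.0/0
2    DROP       all  --  198.51.100.9         0.0.0.0/0
3    DROP       all  --  192.0.2.7            0.0.0.0/0'

# Demonstration on the sample: prints "iptables -D badchild 3" then "... 1".
printf '%s\n' "$SAMPLE_LISTING" | unblock_commands 192.0.2.7
```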


