[fw-wiz] denycomm, blocks IPs 4 different ways
To: firstname.lastname@example.org Date: Sun, 28 Dec 2003 17:54:02 -0800
Sorry for the line-wrapping, it's the web interface.
I have a little command-line tool (denycomm) that black holes a given
IP. It works out-of-the-box with iptables, pf, ipf, and route. You might
use this tool manually, just to avoid mistakes, or automatically, for
example triggered by a log-monitoring program or an IDS. I'd like to
add support for as many firewalls as practicable.
IMHO it's unsanitary to hard-code commands into these programs that are
specific to your firewall, or worse, to your firewall configuration.
Use this program instead. You can use command-line args or better yet
a simple (one word) config file. In the future it may sprout a "clever"
option that guesses what firewall you're running, obviating the need
for a config file. For all you people with money to burn, you can define
a custom handler to alter a commercial firewall's rules. If you change
firewalls, you make a one line change in the config file and that's it;
you need never touch snort or swatch or any other program which blocks
This will be the back end to a much more ambitious distributed system.
Comments to or CC'd directly to me please; I archive this list but don't
always read it.
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
Promote security and make money with the Hushmail Affiliate Program:
firewall-wizards mailing list