[fw-wiz] denycomm, blocks IPs 4 different ways

Date: 12/29/03

  • Next message: Don Parker: "Re: [fw-wiz] port 27015"
    To: firewall-wizards@honor.icsalabs.com
    Date: Sun, 28 Dec 2003 17:54:02 -0800

    Sorry for the line-wrapping, it's the web interface.

    I have a little command-line tool (denycomm) that black holes a given
    IP. It works out-of-the-box with iptables, pf, ipf, and route. You might
    use this tool manually, just to avoid mistakes, or automatically, for
    example triggered by a log-monitoring program or an IDS. I'd like to
    add support for as many firewalls as practicable.

    IMHO it's unsanitary to hard-code commands into these programs that are
    specific to your firewall, or worse, to your firewall configuration.
    Use this program instead. You can use command-line args or better yet
    a simple (one word) config file. In the future it may sprout a "clever"
    option that guesses what firewall you're running, obviating the need
    for a config file. For all you people with money to burn, you can define
    a custom handler to alter a commercial firewall's rules. If you change
    firewalls, you make a one line change in the config file and that's it;
    you need never touch snort or swatch or any other program which blocks

    This will be the back end to a much more ambitious distributed system.


    Comments to or CC'd directly to me please; I archive this list but don't
    always read it.

    Concerned about your privacy? Follow this link to get
    FREE encrypted email: https://www.hushmail.com/?l=2

    Free, ultra-private instant messaging with Hush Messenger

    Promote security and make money with the Hushmail Affiliate Program:
    firewall-wizards mailing list

  • Next message: Don Parker: "Re: [fw-wiz] port 27015"