[fw-wiz] denycomm, blocks IPs 4 different ways

Date: 12/29/03

  • Next message: Don Parker: "Re: [fw-wiz] port 27015"
    To: firewall-wizards@honor.icsalabs.com
    Date: Sun, 28 Dec 2003 17:54:02 -0800

    Sorry for the line-wrapping, it's the web interface.

    I have a little command-line tool (denycomm) that black holes a given
    IP. It works out-of-the-box with iptables, pf, ipf, and route. You might
    use this tool manually, just to avoid mistakes, or automatically, for
    example triggered by a log-monitoring program or an IDS. I'd like to
    add support for as many firewalls as practicable.

    IMHO it's unsanitary to hard-code commands into these programs that are
    specific to your firewall, or worse, to your firewall configuration.
    Use this program instead. You can use command-line args or better yet
    a simple (one word) config file. In the future it may sprout a "clever"
    option that guesses what firewall you're running, obviating the need
    for a config file. For all you people with money to burn, you can define
    a custom handler to alter a commercial firewall's rules. If you change
    firewalls, you make a one line change in the config file and that's it;
    you need never touch snort or swatch or any other program which blocks

    This will be the back end to a much more ambitious distributed system.


    Comments to or CC'd directly to me please; I archive this list but don't
    always read it.

    Concerned about your privacy? Follow this link to get
    FREE encrypted email: https://www.hushmail.com/?l=2

    Free, ultra-private instant messaging with Hush Messenger

    Promote security and make money with the Hushmail Affiliate Program:
    firewall-wizards mailing list

  • Next message: Don Parker: "Re: [fw-wiz] port 27015"

    Relevant Pages

    • denycomm, a free IP blocker for multiple firewalls
      ... I have a little command-line tool that black holes a given ... specific to your firewall, or worse, to your firewall configuration. ... a simple config file. ...
    • Re: [opensuse] Lost firewall logging
      ... in the original config file, ... Restarting the firewall and/or restarting syylog-ng even ... specifing the config file, ...
    • Re: trying to install the nvidia driver
      ... edited the x config file and now it allows me ... set a decent resoultion and refresh rate. ... card using ndis wrapper (cos there is no native linux driver for my ... I think its a firewall issue (knew I shouldn't have installed it, ...
    • Re: [SLE] NFS with SuSEfirewall2
      ... to the Firewall config file and restart the Firewall. ... config file is very well commented and easy to understand. ... restart the Firewall or reboot after commenting the config file. ... # Web Site Development ...
    • Re: New?? firewall idea, self-learning?
      ... I have a linux desktop upstairs. ... If you're bringing up the idea of a self-learning firewall then I don't ... really secure servers don't have any GUI installed. ... A GUI *can* be configured to be just as secure as a command-line interface. ...