[fw-wiz] denycomm, blocks IPs 4 different ways

• Previous message: sd2mcleo_at_engmail.uwaterloo.ca: "[fw-wiz] Comparisons between Router ACLs and Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Sun, 28 Dec 2003 17:54:02 -0800

Sorry for the line-wrapping, it's the web interface.

I have a little command-line tool (denycomm) that black holes a given
IP. It works out-of-the-box with iptables, pf, ipf, and route. You might
use this tool manually, just to avoid mistakes, or automatically, for
example triggered by a log-monitoring program or an IDS. I'd like to
add support for as many firewalls as practicable.

IMHO it's unsanitary to hard-code commands into these programs that are
specific to your firewall, or worse, to your firewall configuration.
Use this program instead. You can use command-line args or better yet
a simple (one word) config file. In the future it may sprout a "clever"
option that guesses what firewall you're running, obviating the need
for a config file. For all you people with money to burn, you can define
a custom handler to alter a commercial firewall's rules. If you change
firewalls, you make a one line change in the config file and that's it;
you need never touch snort or swatch or any other program which blocks
hosts.

This will be the back end to a much more ambitious distributed system.

http://travcom.tripod.com/

Comments to or CC'd directly to me please; I archive this list but don't
always read it.

Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: sd2mcleo_at_engmail.uwaterloo.ca: "[fw-wiz] Comparisons between Router ACLs and Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages denycomm, a free IP blocker for multiple firewalls ... I have a little command-line tool that black holes a given ... specific to your firewall, or worse, to your firewall configuration. ... a simple config file. ... (Focus-IDS) Re: [opensuse] Lost firewall logging ... in the original config file, ... Restarting the firewall and/or restarting syylog-ng even ... specifing the config file, ... (SuSE) Re: trying to install the nvidia driver ... edited the x config file and now it allows me ... set a decent resoultion and refresh rate. ... card using ndis wrapper (cos there is no native linux driver for my ... I think its a firewall issue (knew I shouldn't have installed it, ... (alt.os.linux.redhat) Re: [SLE] NFS with SuSEfirewall2 ... to the Firewall config file and restart the Firewall. ... config file is very well commented and easy to understand. ... restart the Firewall or reboot after commenting the config file. ... # Web Site Development ... (SuSE) Re: New?? firewall idea, self-learning? ... I have a linux desktop upstairs. ... If you're bringing up the idea of a self-learning firewall then I don't ... really secure servers don't have any GUI installed. ... A GUI *can* be configured to be just as secure as a command-line interface. ... (comp.security.firewalls)