Re: iptables & tcp wrappers
From: George Theall (theall_at_tifaware.com)
Date: 10/06/04
- Previous message: Luis M: "Re: iptables & tcp wrappers"
- In reply to: Matthew Baker: "Re: iptables & tcp wrappers"
- Next in thread: Ansgar -59cobalt- Wiechers: "Re: iptables & tcp wrappers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 5 Oct 2004 20:48:58 -0400 To: Matthew Baker <m@netgates.co.uk>
On Tue, Oct 05, 2004 at 06:26:55PM +0100, Matthew Baker wrote:
> What it does is monitor the output from auth logs (using
> swatch) and takes the IP addresses of failed/invalid attempts and
> records the number of attempts made from that IP in a database file.
> Then when the counter goes above a configured threshold (which can be
> different for a single host or CIDR network) the IP is inserted as a
> DROP rule into custom chain using IPtables.
I wrote a more generalized version of this:
<http://www.tifaware.com/perl/log-guardian/>. It's a Perl script,
freely available, that monitors one or more logs for patterns. As
matches are found, the script reacts by running blocks of Perl code.
The patterns and code can be pretty much whatever you want, which makes
the script very flexible. I use it to monitor logs and drop traffic
from hosts responsible for troublesome behaviour with iptables rules.
George
-- theall@tifaware.com
- application/pgp-signature attachment: stored
- Previous message: Luis M: "Re: iptables & tcp wrappers"
- In reply to: Matthew Baker: "Re: iptables & tcp wrappers"
- Next in thread: Ansgar -59cobalt- Wiechers: "Re: iptables & tcp wrappers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
