Firewall Wizards mailing list archives
denycomm, blocks IPs 4 different ways
From: <auto92089 () hushmail com>
Date: Sun, 28 Dec 2003 17:54:02 -0800
Sorry for the line-wrapping, it's the web interface.

I have a little command-line tool (denycomm) that black holes a given IP. It works out-of-the-box with iptables, pf, ipf, and route. You might use this tool manually, just to avoid mistakes, or automatically, for example triggered by a log-monitoring program or an IDS. I'd like to add support for as many firewalls as practicable.

IMHO it's unsanitary to hard-code commands into these programs that are specific to your firewall, or worse, to your firewall configuration. Use this program instead. You can use command-line args or better yet a simple (one word) config file. In the future it may sprout a "clever" option that guesses what firewall you're running, obviating the need for a config file. For all you people with money to burn, you can define a custom handler to alter a commercial firewall's rules.

If you change firewalls, you make a one line change in the config file and that's it; you need never touch snort or swatch or any other program which blocks hosts.

This will be the back end to a much more ambitious distributed system.

http://travcom.tripod.com/

Comments to or CC'd directly to me please; I archive this list but don't always read it.
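A sketch of the dispatch the post describes, as an added example that is not denycomm's code or part of the original message: a one-word config picks the backend, and the address is validated before any command is built because it may come from log or IDS output. The command templates, the pf table name `blocked`, the `PROTECTED` never-block list, and all function names are assumptions; IPv4 only.

```python
import ipaddress
import subprocess

# Assumed command per backend named in the post (denycomm's real commands are
# not shown on the page). Each entry returns (argv, stdin_text).
BACKENDS = {
    "iptables": lambda ip: (["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"], None),
    # Assumes pf.conf already has "table <blocked> persist" and a block rule on it.
    "pf": lambda ip: (["pfctl", "-t", "blocked", "-T", "add", ip], None),
    "ipf": lambda ip: (["ipf", "-f", "-"], f"block in quick from {ip} to any\n"),
    # Linux iproute2 form; BSD route(8) syntax differs.
    "route": lambda ip: (["ip", "route", "add", "blackhole", f"{ip}/32"], None),
}

# Constructed never-block list: loopback plus a made-up management range.
PROTECTED = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/28")]


def parse_backend(config_text):
    """Return the backend named by a one-word config file ('#' comments allowed)."""
    words = [w for line in config_text.splitlines()
             for w in line.split("#", 1)[0].split()]
    if len(words) != 1 or words[0] not in BACKENDS:
        raise ValueError(f"config must name exactly one of {sorted(BACKENDS)}")
    return words[0]


def build_block(backend, raw_ip):
    """Validate raw_ip (untrusted, e.g. lifted from a log line) and build the command."""
    addr = ipaddress.IPv4Address(raw_ip)  # rejects any string that is not a dotted quad
    if any(addr in net for net in PROTECTED):
        raise ValueError(f"refusing to block protected address {addr}")
    return BACKENDS[backend](str(addr))


def apply_block(backend, raw_ip):
    """Run the command as an argv list, so no shell ever parses the address."""
    argv, stdin_text = build_block(backend, raw_ip)
    subprocess.run(argv, input=stdin_text, text=True, check=True)


if __name__ == "__main__":
    backend = parse_backend("# firewall in use\niptables\n")
    print(build_block(backend, "203.0.113.7"))
```

Changing firewalls then means changing the one word in the config; callers such as a log monitor keep calling `apply_block` unchanged.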