Re: denyhosts-like app for MySQLd?
Jordi Espasa Clofent wrote:
>> Hi,
>>
>> There is a functionality in pf, that allows you to have an application
>> to update a list of hosts, that is used in a rule. You could have a
>> script harvest the addresses from your log files, and then update the
>> table in pf. I have not tried it myself, but was looking at adopting
>> an implementation to create a tarpit for spammers based on this idea.
>
> Yes Tim, I know it. The "problem" is the servers are builded in IPFW as
> firewall solution.
> I've tried the "limit" IPFW's option... but isn't exactly what I'm
> looking for.
Have a look at swatch in the ports, and build some rules that add
blocking rules to the beginning of your firewall rule set.
I've got servers running with > 3500 rules ;), and the box doesn't even
notices it.
(you can even/easily do things in perl embedded in the rules.)
The best suggestion is of course to only let those in, you want to let
in. Block others by default.
I'm using the above scenario on public mailservers, with harvesting from
the postgrey output. And from the ssh log output.
--WjW
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 9 之 15 篇):