
active iptables update



I'm looking for a way to add iptables rules per connection profile.
So if a particular IP triggers an action (-j), an iptables rule (such
as "drop all connections from that IP") is inserted in the appropriate
table. The idea is to block an abusive IP while not interrupting regular
service.

I know this has been done before, but in a plethora of netfilter
information I didn't notice this technique.

I was thinking along these lines: forward malicious requests to some
IP on the 127.0.0.0/8 network where tcpdump would be listening, ready
to trigger a script that inserts a new drop (or whatever) rule into
the iptables ruleset. I'm sure someone has worked out the details of a
function like this... Suggestions?

// George


-- 
GEORGE GEORGALIS, System Admin/Architect    cell: 347-451-8229 
Security Services, Web, Mail,            mailto:george@galis.org 
Multimedia, DB, DNS and Metrics.       http://www.galis.org/george 



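The mechanism described above, as an added example (not code from the original post, and not George's setup): instead of diverting traffic to a 127/8 address for tcpdump, the hook is the netfilter LOG target, which writes one kernel log line per matching packet with SRC=/DST= fields. A small script tails that log, counts hits per source address, and the moment an address reaches a threshold it inserts a DROP rule at the head of a dedicated chain hooked into INPUT. Because only that one rule is inserted (no flush, no reload), every other client's traffic is untouched. The chain name ABUSE, the log prefix "ABUSE: ", the threshold and the sample log lines are all constructed for this example; the script is a dry run by default and only prints the iptables commands it would issue, so it can be read and tested without root. Setting DRY_RUN=0 runs iptables for real.

```shell
#!/bin/sh
# Added example, not the original poster's code. Assumes a LOG rule such as
#   iptables -I INPUT -p tcp --dport 80 -m conntrack --ctstate NEW \
#            -j LOG --log-prefix "ABUSE: "
# (tighten the match to whatever "abusive" means for your service), whose
# lines land in a syslog-style file, e.g. /var/log/kern.log.

THRESHOLD=${THRESHOLD:-5}   # hits from one source before it is blocked (assumed value)
CHAIN=${CHAIN:-ABUSE}       # dedicated chain, so the regular ruleset is never rewritten
DRY_RUN=${DRY_RUN:-1}       # 1 = print the iptables commands, 0 = run them (needs root)

# run: execute (or, in dry run, print) one iptables command.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ iptables $*"
    else
        iptables "$@"
    fi
}

# rule_exists: iptables -C reports whether a rule is already present.
# In dry run nothing is assumed to exist, so every command gets printed.
rule_exists() {
    [ "$DRY_RUN" = 1 ] && return 1
    iptables -C "$@" 2>/dev/null
}

# ensure_chain: create the chain once and hook it at the top of INPUT,
# so a DROP added to it takes effect before any ACCEPT further down.
ensure_chain() {
    run -N "$CHAIN" 2>/dev/null || true
    rule_exists INPUT -j "$CHAIN" || run -I INPUT -j "$CHAIN"
}

# abusive_ips: read kernel LOG lines on stdin (works on `tail -F` output),
# count hits per SRC= address, and print an address exactly once, at the
# moment its count reaches THRESHOLD. Only dotted-quad SRC= values are
# accepted, since the address is about to become part of a command line.
abusive_ips() {
    awk -v t="$THRESHOLD" '
        /ABUSE: / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    ip = substr($i, 5)
                    if (++hits[ip] == t) { print ip; fflush() }
                }
        }'
}

# block_ip: insert "-s <ip> -j DROP" at the head of the chain, idempotently.
# A second validation guards against anything that is not a plain address.
block_ip() {
    case "$1" in
        ''|*[!0-9.]*) echo "block_ip: refusing suspicious address '$1'" >&2; return 1 ;;
    esac
    rule_exists "$CHAIN" -s "$1" -j DROP || run -I "$CHAIN" -s "$1" -j DROP
}

# Constructed sample log (not real traffic). 203.0.113.7 appears six times,
# 198.51.100.4 twice; one unrelated sshd line shows non-LOG lines are ignored.
SAMPLE_LOG=$(cat <<'EOF'
Mar  1 12:00:01 web kernel: ABUSE: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=80 SYN
Mar  1 12:00:01 web kernel: ABUSE: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=80 SYN
Mar  1 12:00:02 web kernel: ABUSE: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=80 SYN
Mar  1 12:00:02 web kernel: ABUSE: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50001 DPT=80 SYN
Mar  1 12:00:02 web sshd[2211]: Accepted publickey for ops from 192.0.2.33 port 52100 ssh2
Mar  1 12:00:03 web kernel: ABUSE: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=80 SYN
Mar  1 12:00:03 web kernel: ABUSE: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
Mar  1 12:00:04 web kernel: ABUSE: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50002 DPT=80 SYN
Mar  1 12:00:04 web kernel: ABUSE: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=80 SYN
EOF
)

# Demo over the sample log. For live use replace the printf with
#   tail -F /var/log/kern.log | abusive_ips | while read -r ip; do block_ip "$ip"; done
ensure_chain
printf '%s\n' "$SAMPLE_LOG" | abusive_ips | while read -r ip; do
    block_ip "$ip"
done
```

Two caveats worth keeping in mind when running this for real: the LOG target can itself be used to flood the log, so rate-limit the LOG rule with `-m limit`, and a `-s <ip> -j DROP` in INPUT also kills that address's established connections, which is the intended effect for an abuser but means a mistaken threshold blocks a legitimate client until the rule is removed (`iptables -D ABUSE -s <ip> -j DROP`).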