active iptables update
I'm looking for a way to add iptables rules per connection profiles.
So if a particular IP triggers an action (-j), an iptables rule (such
as drop all connections from that IP) is inserted in the appropriate
table. The idea is to block an abusive IP while not interrupting regular
service.
I know this has been done before, but in a plethora of netfilter
information I didn't notice this technique.
I was thinking along these lines: forward malicious requests to some
IP on the 127.0.0.0/8 network where tcpdump would be listening, ready
to trigger a script that inserts a new drop (or whatever) rule into
the iptables ruleset. I'm sure someone has worked out the details of a
function like this... Suggestions?
// George
--
GEORGE GEORGALIS, System Admin/Architect cell: 347-451-8229
Security Services, Web, Mail, mailto:george@galis.org
Multimedia, DB, DNS and Metrics. http://www.galis.org/george
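One way to wire this up, as an added example rather than anything from George's mail or from a particular project: instead of a tcpdump listener on loopback, the trigger rule uses the `-j LOG --log-prefix` target, and the script below reads the resulting kernel log lines and plans (or applies) one idempotent DROP insertion per distinct source into a dedicated chain, so the base ruleset and existing connections are left alone. The chain name ABUSE, the log prefix, the allowlist patterns and the sample log lines are all constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Turns netfilter LOG hits
# into per-source DROP rules. Hypothetical setup assumed here:
#   iptables -N ABUSE
#   iptables -I INPUT -j ABUSE
#   iptables -A INPUT <match for the abusive pattern> -j LOG --log-prefix "ABUSE: "
# The kernel then writes one line per hit to the log that this script reads.

IPTABLES="${IPTABLES:-iptables}"    # binary to call (point at a wrapper to test)
CHAIN="${CHAIN:-ABUSE}"             # dedicated chain so the base ruleset is never edited
LOG_PREFIX="${LOG_PREFIX:-ABUSE: }" # must match --log-prefix on the trigger rule

# Constructed sample of the kernel log lines such a trigger rule produces.
SAMPLE_LOG='Mar  3 10:15:01 gw kernel: ABUSE: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=51234 DPT=22
Mar  3 10:15:02 gw kernel: ABUSE: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=51235 DPT=22
Mar  3 10:15:03 gw kernel: ABUSE: IN=eth0 OUT= SRC=192.168.1.20 DST=198.51.100.2 PROTO=TCP SPT=40000 DPT=22
Mar  3 10:15:04 gw kernel: unrelated message SRC=198.51.100.9
Mar  3 10:15:05 gw kernel: ABUSE: IN=eth0 OUT= SRC=203.0.113.250 DST=198.51.100.2 PROTO=TCP SPT=1024 DPT=80'

# Print the SRC= address of one log line, or fail if there is none.
# The value is checked to be digits and dots only: log content is
# attacker-influenced and ends up inside a shell command, so nothing
# else may pass through.
src_of_line() {
    case "$1" in
        *" SRC="*) ;;
        *) return 1 ;;
    esac
    rest="${1##* SRC=}"
    ip="${rest%% *}"
    case "$ip" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$ip"
}

# Sources that must never be blocked automatically (constructed allowlist:
# loopback and two RFC 1918 ranges). Adjust to the real environment.
is_allowlisted() {
    case "$1" in
        127.*|10.*|192.168.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read log lines on stdin and print one iptables command per distinct offender.
# "-C" checks for an existing rule first, so re-running over the same log is
# harmless; lines without the prefix, without a valid SRC, or from allowlisted
# sources are ignored.
plan_blocks() {
    seen=" "
    while IFS= read -r line; do
        case "$line" in
            *"$LOG_PREFIX"*) ;;
            *) continue ;;
        esac
        ip=$(src_of_line "$line") || continue
        is_allowlisted "$ip" && continue
        case "$seen" in
            *" $ip "*) continue ;;
        esac
        seen="$seen$ip "
        printf '%s -C %s -s %s -j DROP 2>/dev/null || %s -I %s -s %s -j DROP\n' \
            "$IPTABLES" "$CHAIN" "$ip" "$IPTABLES" "$CHAIN" "$ip"
    done
}

# Stand-alone use:
#   ./autoblock.sh --demo                       # plan from the constructed sample
#   ./autoblock.sh --plan  < /var/log/kern.log  # print what would be inserted
#   ./autoblock.sh --apply < /var/log/kern.log  # run it (as root)
case "${1:-}" in
    --demo)  printf '%s\n' "$SAMPLE_LOG" | plan_blocks ;;
    --plan)  plan_blocks ;;
    --apply) plan_blocks | sh -e ;;
esac
```

Separating the plan from the apply step is deliberate: the planned commands can be reviewed, logged or rate-limited before anything touches the live ruleset, and the strict SRC validation plus the allowlist are what keep a log line crafted by the remote side from turning into an arbitrary command or a self-lockout.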