David Burrow
2006-May-22 20:57 UTC
Creating an action/macro utilizing the Netfilter Recent Match module
Hello all, I''d like to create an action or macro to do the following: Deny all traffic to ip addresses attempting to connect to ports 1026 and 1027 on my firewall for 1 hour. I''ve read the section in the documentation on Port Knocking and other implementations of the recent match module, and I''ve looked at examples on the official ipt_recent web page, and what I''ve learned is that I don''t know enough about iptables or the scripting involved in the examples given in the Shorewall docs to really even know what exactly is going on. I''d appreciate any tips about how to implement this using an action or macro. I''m using Shorewall 3.0.6. If it''s inappropriate for me to ask for help in designing the action/macro to do this, I apologize, and would instead ask for advice as to where I might find information that will help me more completely understand what''s going on in the examples. Thanks for the great product. I''ve been using it for some time now, and cannot complain at all about the experience I''ve had. Thanks, David ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Tom Eastep
2006-May-22 21:27 UTC
Re: Creating an action/macro utilizing the Netfilter Recent Match module
David Burrow wrote:> Deny all traffic to ip addresses attempting to connect to ports 1026 > and 1027 on my firewall for 1 hour. > > I''ve read the section in the documentation on Port Knocking and other > implementations of the recent match module, and I''ve looked at > examples on the official ipt_recent web page, and what I''ve learned is > that I don''t know enough about iptables or the scripting involved in > the examples given in the Shorewall docs to really even know what > exactly is going on. I''d appreciate any tips about how to implement > this using an action or macro. I''m using Shorewall 3.0.6. If it''s > inappropriate for me to ask for help in designing the action/macro to > do this, I apologize, and would instead ask for advice as to where I > might find information that will help me more completely understand > what''s going on in the examples.The description of what you want to do is too ill-defined to give you any concrete.help (for one hour beginning WHEN? and if the client continues to try every two seconds for the entire hour, is the connection still allowed at the end of that hour?). But a good place to read about the recent match is Oskar Andreasson''s Tutorial at: http://iptables-tutorial.frozentux.net/iptables-tutorial.html#RECENTMATCH -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key