I use both PortSentry and Shorewall and today upgraded the latter to
version 1.2.6. With the upgrade (from 1.1.16) came the blacklist
feature.
When PortSentry decides your system is being "attacked", it blocks
all connections from the attacking machine in one of a few ways, the
best being a call to iptables to add a specific DROP rule.
It seems to me that this is a perfect use for the blacklist feature
of Shorewall - when PortSentry wants to block a host, it adds that
host to the blacklist and "refresh"es Shorewall.
Has anyone attempted this? More generally, it seems that a mechanism
for programmatically adding to the blacklist would be useful - if this
isn't yet planned, shall I contribute something?
- Dan
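One way the glue Dan describes could look, as an added example that is not part of the original post, of PortSentry or of Shorewall: a small hook script for PortSentry's KILL_RUN_CMD that validates the address, appends it to the Shorewall blacklist and refreshes. It assumes PortSentry hands the offending address over as $TARGET$, that the blacklist is one address per line in /etc/shorewall/blacklist, and that "shorewall refresh" reloads it; file and refresh command are overridable so the script can be exercised without a live firewall.

```shell
#!/bin/sh
# Hypothetical PortSentry hook (example code, not from the post or either project).
# Wire it up in portsentry.conf roughly as:
#   KILL_RUN_CMD="/usr/local/sbin/shorewall-blacklist.sh $TARGET$"
# Assumptions: one address per line in BLACKLIST, reloaded by REFRESH_CMD.
BLACKLIST="${BLACKLIST:-/etc/shorewall/blacklist}"
REFRESH_CMD="${REFRESH_CMD:-shorewall refresh}"

# Accept only a plain dotted-quad IPv4 address. PortSentry's $TARGET$ is
# attacker-influenced, so nothing else may reach a file that Shorewall
# later reads into its rules.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldIFS=$IFS; IFS=.; set -- $1; IFS=$oldIFS
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# True if the address is already present as a whole line.
already_listed() {
    [ -f "$BLACKLIST" ] && grep -Fxq "$1" "$BLACKLIST"
}

# Append the address if it is new and refresh Shorewall; 0 on success,
# 2 if the argument was rejected, 1 if the blacklist could not be written.
blacklist_host() {
    is_ipv4 "$1" || { echo "refusing to blacklist '$1'" >&2; return 2; }
    if already_listed "$1"; then
        return 0            # already blocked: skip the needless refresh
    fi
    printf '%s\n' "$1" >> "$BLACKLIST" || return 1
    $REFRESH_CMD
}

# When run as a script, blacklist the address PortSentry passed.
if [ $# -gt 0 ]; then
    blacklist_host "$1"
fi
```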