mike808@users.sourceforge.net
2003-May-09 21:49 UTC
[Shorewall-users] Re: Shorewall-users Digest, Vol 6, Issue 17
Anyone done anything similar with Shorewall what Rob has done with BSD''s new PF capabilities? http://www.yewnicks.org/codered.php i.e. periodically analyzing shorewall logs and blacklisting IPs that trigger DoS or intrusion flags? I''m thinking appending onto /etc/shorewall/blacklist or the rules file with any IPs identified via the same httpd.conf log tricks from Apache would work for Shorewall. Is such an exercise worthwhile? i.e. it isn''t worth bothering to blacklist/block traffic unless the traffic is incessant over a significant (YMMV) duration? Which is my current posture due to its low maintenance features. :=) Mike --------------------------------------------- http://www.valuenet.net