I am running shorewall 1.4.8-1 on my firewall. I am also running poptop
on this firewall for remote VPN clients to connect to our local network.
I would like to set some options in pppd, so that after 2 failed user/pass
attempts are tried, the IP address is blacklisted, and an email is sent to
the admin of this IP address that has been blacklisted.

I know this may be more of a ppp question than shorewall, but I figured
some users of shorewall might have some insight on how to accomplish this.

Would the maxfail x in /etc/ppp/options setting help me out? How do I
then put that IP address of the client into the shorewall blacklist file,
and restart shorewall for the changes to take effect?

I am limiting the password attempts, due to a new security issue with
PPTP, where a new brute force hacking tool can be used to crack passwords
on PPTP servers.

Thanks for any info or insight on how to solve this problem.

- Bruce Garlock