Hi all,
I have included my script to unblock all dynamically blocked IPs
that are brute force attacking my firewall. Here is what I did.
1. Modified Stephen Carville''s script to use shorewall dynamic black
listing and execute it via cron every 5 minutes
2. Every hour run this script
#!/usr/bin/perl -w
use strict;
sub main {
my ($line,$ip);
print `date`;
foreach $line (<STDIN>) {
print $line;
if ($line =~ m/(\d+\.\d+\.\d+\.\d+)/) {
$ip = $1;
print "$ip\n";
next if ($ip =~ m/^192\.168\./);
next if ($ip =~ m/216\.117\.196\.95/);
`/sbin/shorewall allow $ip`;
}
}
}
I''m not perl guru, and I''m pretty sure using backticks is not
preferred over exec. Since I''m in a time crunch (20 minutes) I just
did this until I can add the fork and process id check. Hopefully
this helps someone else!
-------------------------------------------------------
This SF.Net email is sponsored by the ''Do More With Dual!''
webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar