Firewall Filtering

Ben Beeson beesond001 at hawaii.rr.com
Thu Jan 31 00:15:47 PST 2002 

Todd,
	I recently added a bunch of IP address blocks to my MonMotha Firewall by 
just adding the addresses to the BLACKHOLE list.  According to MonMotha, 
the format is  BLACKHOLE="IPAddress/NETMASK"  .  Place all those 
addresses enclosed in one set of quotes separated by white space.   For 
Example:  BLACKHOLE="217.96.0.0/14 217.97.33.0/8 " would blackhole both 
of those families of IP Addresses.   MonMotha stated in a reply to a 
question that I posed to the list about 3 weeks ago that the firewall is 
really just a shell script (what an understatement!!!)  This means that 
all those shell script tricks you have saved up could probably be used 
within it for doing things you'd like to do more "automagically."  I see 
no reason why you could not use command substitution to read the 
appropriate portions of /etc/host.deny , /../portsentry.history, or 
/../portsentry.blocked file contents into the BLACKHOLE or DENY_ALL 
script variables.  However, be careful that you don't create a denial of 
service upon yourself by doing so.    It is for this reason that I prefer 
to edit the BLACKHOLE list manually.   
	Please also be aware that portsentry will automatically add offending IP 
addresses to /etc/host.deny if you tell it to do so.    See the Dropping 
Routes section of the portsentry.conf file for details on how to do this. 
  It's actually pretty easy, just uncomment the appropriate response 
option.   
Good Luck,
Ben 
	

Original Message dated 1/30/02, 7:21:41 PM
Author: "Todd Lee" <todd at LANtech-HI.com>
Re: [luau] Firewall Filtering:


Hey everyone!
 
I was wondering if there was a way to add a bunch of hosts I want to deny 
access from.  There have been at least 30-40 IPs that I've seen that have 
been either scanning or running Code Red II or something other than 
looking at the webpages I'm hosting that I'd like to be able to control.  
I was just wondering if there's a way that portsentry or any other 
package can automatically flag the IPs to be entered into monmotha's 
firewall or hosts_deny.  I'm wondering if I'm being paranoid or reading 
the logs incorrectly.  If anyone would like to see the logs, I can e-mail 
them to you directly, there's a lot...
 
Much Mahalos,
Todd
---
You are currently subscribed to luau as: beesond001 at hawaii.rr.com
To unsubscribe send a blank email to $subst('Email.Unsub')

More information about the LUAU mailing list