Firewall Filtering
Todd Lee
todd at LANtech-HI.com
Thu Jan 31 19:49:24 PST 2002
Thanks Ben! I'll try adding the hosts manually if the portsentry mod doesn't
work!
-Todd
>-----Original Message-----
>From: Ben Beeson [mailto:beesond001 at hawaii.rr.com]
>Sent: Wednesday, January 30, 2002 10:16 PM
>To: Linux & Unix Advocates & Users
>Subject: [luau] Re: Firewall Filtering
>
>
>Todd,
>I recently added a bunch of IP address blocks to my MonMotha Firewall by
>just adding the addresses to the BLACKHOLE list. According to MonMotha,
>the format is BLACKHOLE="IPAddress/NETMASK". Place all those addresses
>enclosed in one set of quotes separated by white space. For
>Example: BLACKHOLE="217.96.0.0/14 217.97.33.0/8 " would blackhole both
>of those families of IP Addresses. MonMotha stated in a reply to a
>question that I posed to the list about 3 weeks ago that the firewall is
>really just a shell script (what an understatement!!!) This means that
>all those shell script tricks you have saved up could probably be used
>within it for doing things you'd like to do more "automagically." I see
>no reason why you could not use command substitution to read the
>appropriate portions of /etc/host.deny, /../portsentry.history, or
>/../portsentry.blocked file contents into the BLACKHOLE or DENY_ALL
>script variables. However, be careful that you don't create a denial of
>service upon yourself by doing so. It is for this reason that I prefer
>to edit the BLACKHOLE list manually.
>
>Please also be aware that portsentry will automatically add offending IP
>addresses to /etc/host.deny if you tell it to do so. See the Dropping
>Routes section of the portsentry.conf file for details on how to do this.
>It's actually pretty easy, just uncomment the appropriate response
>option.
>Good Luck,
>Ben
>
>
>Original Message dated 1/30/02, 7:21:41 PM
>Author: "Todd Lee" <todd at LANtech-HI.com>
>Re: [luau] Firewall Filtering:
>
>
>Hey everyone!
>
>I was wondering if there was a way to add a bunch of hosts I want to deny
>access from. There have been at least 30-40 IPs that I've seen that have
>been either scanning or running Code Red II or something other than
>looking at the webpages I'm hosting that I'd like to be able to control.
>I was just wondering if there's a way that portsentry or any other
>package can automatically flag the IPs to be entered into monmotha's
>firewall or hosts_deny. I'm wondering if I'm being paranoid or reading
>the logs incorrectly. If anyone would like to see the logs, I can e-mail
>them to you directly, there's a lot...
>
>Much Mahalos,
>Todd
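
The command-substitution idea from Ben's reply, together with his warning about locking yourself out, as an added example that is not part of the original thread or of MonMotha's script. It filters a deny file through an allowlist, strict address validation, de-duplication and a size cap before the result is assigned to BLACKHOLE. Assumptions: the names build_blackhole, ALLOW and MAX_ENTRIES are hypothetical, the deny file is assumed to hold lines of the form "ALL: a.b.c.d", the /32 suffix is an assumed way to express a single host in the IPAddress/NETMASK format, and all addresses are constructed samples.

```shell
#!/bin/sh
# Added example; build_blackhole, ALLOW and MAX_ENTRIES are hypothetical names.

# Addresses that must never be blackholed (constructed: loopback, an admin
# host, the gateway). Blocking one of these is the self-inflicted DoS.
ALLOW="127.0.0.1 192.0.2.1 192.0.2.254"
MAX_ENTRIES=200   # refuse an unexpectedly large list instead of loading it

# build_blackhole FILE: print a space-separated "ip/32" list built from
# lines of the assumed form "ALL: a.b.c.d"; exit non-zero if over the cap.
build_blackhole() {
    awk -v allow="$ALLOW" -v max="$MAX_ENTRIES" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        $1 == "ALL:" && NF == 2 {
            ip = $2
            # Strict dotted quad only: no hostnames, wildcards or prefixes.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, "."); ok = 1
            for (i = 1; i <= 4; i++) if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
            if (!ok || (ip in skip) || (ip in seen)) next
            seen[ip] = 1
            list = list (count++ ? " " : "") ip "/32"
        }
        END { if (count > max) exit 1; print list }
    ' "$1"
}

# Constructed sample input standing in for the deny file.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
ALL: 198.51.100.23
ALL: 192.0.2.1
ALL: 203.0.113.77
ALL: 198.51.100.23
ALL: 300.1.1.1
ALL: evil.example.net
sshd: 203.0.113.5
EOF

# Command substitution as described in the reply; fall back to an empty
# list if the cap is exceeded rather than loading a runaway blocklist.
BLACKHOLE="$(build_blackhole "$SAMPLE")" || { echo "list rejected" >&2; BLACKHOLE=""; }
echo "BLACKHOLE=\"$BLACKHOLE\""
rm -f "$SAMPLE"
```

The allowlisted admin host, the duplicate, the out-of-range address, the hostname and the non-"ALL:" line are all dropped from the sample, leaving two entries.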