Firewall Filtering

Todd Lee todd at LANtech-HI.com
Thu Jan 31 19:49:24 PST 2002


Thanks Ben!  I'll try adding the hosts manually if the portsentry mod doesn't
work!

-Todd

>-----Original Message-----
>From: Ben Beeson [mailto:beesond001 at hawaii.rr.com]
>Sent: Wednesday, January 30, 2002 10:16 PM
>To: Linux & Unix Advocates & Users
>Subject: [luau] Re: Firewall Filtering
>
>
>Todd,
>	I recently added a bunch of IP address blocks to my MonMotha Firewall by
>just adding the addresses to the BLACKHOLE list.  According to MonMotha,
>the format is  BLACKHOLE="IPAddress/NETMASK"  .  Place all those addresses
>enclosed in one set of quotes separated by white space.   For Example:
>BLACKHOLE="217.96.0.0/14 217.97.33.0/8 " would blackhole both of those
>families of IP Addresses.   MonMotha stated in a reply to a question that I
>posed to the list about 3 weeks ago that the firewall is really just a shell
>script (what an understatement!!!)  This means that all those shell script
>tricks you have saved up could probably be used within it for doing things
>you'd like to do more "automagically."  I see no reason why you could not
>use command substitution to read the appropriate portions of
>/etc/host.deny , /../portsentry.history, or /../portsentry.blocked file
>contents into the BLACKHOLE or DENY_ALL script variables.  However, be
>careful that you don't create a denial of service upon yourself by doing
>so.    It is for this reason that I prefer to edit the BLACKHOLE list
>manually.
>	Please also be aware that portsentry will automatically add offending IP
>addresses to /etc/host.deny if you tell it to do so.    See the Dropping
>Routes section of the portsentry.conf file for details on how to do this.
>  It's actually pretty easy, just uncomment the appropriate response
>option.
>Good Luck,
>Ben
>
>
>Original Message dated 1/30/02, 7:21:41 PM
>Author: "Todd Lee" <todd at LANtech-HI.com>
>Re: [luau] Firewall Filtering:
>
>
>Hey everyone!
>
>I was wondering if there was a way to add a bunch of hosts I want to deny
>access from.  There have been at least 30-40 IPs that I've seen that have
>been either scanning or running Code Red II or something other than
>looking at the webpages I'm hosting that I'd like to be able to control.
>I was just wondering if there's a way that portsentry or any other
>package can automatically flag the IPs to be entered into monmotha's
>firewall or hosts_deny.  I'm wondering if I'm being paranoid or reading
>the logs incorrectly.  If anyone would like to see the logs, I can e-mail
>them to you directly, there's a lot...
>
>Much Mahalos,
>Todd
>
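
The command-substitution idea from Ben's message, worked through as an added example (not part of the original thread, and not MonMotha's or portsentry's own code). The log line format, the `NEVER_BLOCK` allowlist, the use of /32 masks and the sample addresses are assumptions constructed for illustration; the allowlist is the guard against the self-inflicted denial of service he warns about.

```shell
#!/bin/sh
# Assumed portsentry-style log line (format is an assumption, sample is constructed):
#   <epoch> - <date> <time> Host: <name>/<ip> Port: <n> TCP Blocked

# NEVER_BLOCK: hypothetical allowlist of addresses that must stay reachable
# (loopback, your gateway, DNS server, admin workstation). Without it, one
# logged entry for your own gateway would cut the firewall host off.
NEVER_BLOCK="127.0.0.1 192.0.2.1"

build_blackhole() {
    # $1 = log file. Prints unique, validated IPv4 hosts as "a.b.c.d/32 ...".
    awk -v allow="$NEVER_BLOCK" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        {
            for (i = 1; i < NF; i++) if ($i == "Host:") {
                ip = $(i + 1); sub(/^.*\//, "", ip)    # keep the part after "name/"
                if (split(ip, o, ".") != 4) next        # not dotted-quad: drop line
                for (k = 1; k <= 4; k++)
                    if (o[k] !~ /^[0-9]+$/ || o[k] + 0 > 255) next
                if (ip in skip || ip in seen) next      # allowlisted or duplicate
                seen[ip] = 1
                out = out (out == "" ? "" : " ") ip "/32"
            }
        }
        END { print out }
    ' "$1"
}

# Constructed sample log: a repeat offender, the allowlisted gateway,
# and one malformed address that must not reach the firewall rules.
sample=$(mktemp)
cat > "$sample" <<'EOF'
1012454501 - 01/30/2002 19:21:41 Host: 198.51.100.7/198.51.100.7 Port: 111 TCP Blocked
1012454777 - 01/30/2002 19:26:17 Host: gw.example/192.0.2.1 Port: 23 TCP Blocked
1012455002 - 01/30/2002 19:30:02 Host: 203.0.113.9/203.0.113.9 Port: 80 TCP Blocked
1012455050 - 01/30/2002 19:30:50 Host: 198.51.100.7/198.51.100.7 Port: 80 TCP Blocked
1012455100 - 01/30/2002 19:31:40 Host: bad.example/999.1.1.1 Port: 80 TCP Blocked
EOF

# In the firewall script this assignment would replace a hand-edited list.
BLACKHOLE="$(build_blackhole "$sample")"
echo "BLACKHOLE=\"$BLACKHOLE\""
rm -f "$sample"
```

Review the generated list before reloading the firewall; anything an outsider can cause to be logged ends up in it.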


