I'm looking for a way to add iptables rules per connection profile. So if a particular IP triggers an action (-j), an iptables rule (such as drop all connections from that IP) is inserted in the appropriate table. The idea is to block an abusive IP while not interrupting regular service.

I know this has been done before, but in a plethora of netfilter information I didn't notice this technique. I was thinking along these lines: forward malicious requests to some IP on the 127.0.0.0/8 network where tcpdump would be listening, ready to trigger a script that inserts a new drop (or whatever) rule into the iptables ruleset. I'm sure someone has worked out the details of a function like this... Suggestions?

// George

--
GEORGE GEORGALIS, System Admin/Architect   cell: 347-451-8229
Security Services, Web, Mail,              mailto:[EMAIL PROTECTED]
Multimedia, DB, DNS and Metrics.           http://www.galis.org/george
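One way to build the trigger George describes, added here as an example and not code from the original post: instead of forwarding to 127.0.0.0/8 and sniffing with tcpdump, it reacts to lines written by an iptables `-j LOG --log-prefix 'ABUSE: '` rule and inserts a per-source DROP exactly once. The chain name ABUSERS (assumed to exist and to be jumped to from INPUT), the log prefix and the sample kernel log lines are all assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: turn kernel LOG lines from an iptables "-j LOG" rule into
# one-off DROP rules.  Needs root to actually change the ruleset.
CHAIN=ABUSERS              # assumed chain, e.g. created with: iptables -N ABUSERS
PREFIX='ABUSE: '           # assumed --log-prefix of the LOG rule
IPTABLES=${IPTABLES:-iptables}   # set to "echo iptables" for a dry run

# Print the SRC= address of one kernel LOG line carrying our prefix.
# Returns 1 (prints nothing) for lines logged by other rules.
src_of() {
    case "$1" in
        *"$PREFIX"*SRC=*) ;;
        *) return 1 ;;
    esac
    echo "$1" | sed -n 's/.*SRC=\([0-9.]*\) .*/\1/p'
}

# Insert a DROP for $1 at the top of $CHAIN unless one is already there.
# "iptables -C" checks for an existing identical rule, so repeated log
# lines from the same source do not pile up duplicate rules.
block_once() {
    ip=$1
    if $IPTABLES -C "$CHAIN" -s "$ip" -j DROP 2>/dev/null; then
        return 0        # already blocked
    fi
    $IPTABLES -I "$CHAIN" 1 -s "$ip" -j DROP
}

# Constructed sample of kernel log lines; in production feed the loop with
# something like: tail -F /var/log/kern.log | while read -r line; do ...
SAMPLE='Nov  3 10:22:01 host kernel: ABUSE: IN=eth0 OUT= SRC=192.0.2.45 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=4444 DPT=22 SYN
Nov  3 10:22:02 host kernel: other: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.7 PROTO=TCP DPT=80'

# Walk the sample lines and block only sources logged under our prefix.
process_lines() {
    echo "$SAMPLE" | while read -r line; do
        ip=$(src_of "$line") || continue
        block_once "$ip"
    done
}
```

The second sample line carries a different prefix and is deliberately ignored, so only the source the ABUSE rule matched ends up in the DROP rule.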

