On Mon, Mar 03, 2003 at 09:44:32AM -0800, Adam Lofstedt wrote:
> Hello,
>
> I was just wondering if IPFilter would be suitable for use in blocking a
> list of IPs from getting through my firewall. I'm using Snort inside my
> LAN, and am seeing a lot of Code Red type attacks on my internal
> servers. Rather than just block those addresses on the specific
> servers, I'd like to stop them at the firewall.
>
> I know I could use a "block in quick from bad_IP" type rule, but as the
> list of bad IPs grows, it seems harder to manage the ruleset. Is there
> an easy way to maybe edit a blacklist file and have IPFilter read that
> file? Or is there some other tool that would be better for this
> purpose?
Based partly on some great input I got from this list, I built something similar. You should be able to re-use the concept for your black list. Check out http://www.rospa.ca/documents/dshield_top10/dshield_top10.pdf for details.

-T

-- 
Page 30: Leaving a terminal logged in is like leaving your car unlocked with the keys in the ignition. - Harley Hahn, _The Unix Companion_
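As an added illustration of the "edit a blacklist file and have IPFilter read it" approach asked about above (this is example code, not the script from the linked PDF or from either poster): a small POSIX sh script that turns a plain text list of addresses or netblocks into one "block in quick" rule per entry, ready to be loaded with ipf. The blacklist path /etc/ipf.blacklist and the external interface name fxp0 are assumptions; the script only generates the rule text, it does not load it, so it can be reviewed before touching the running ruleset.

```shell
#!/bin/sh
# Example (not from the original thread): generate IPFilter block rules
# from a blacklist file. One IPv4 address or CIDR block per line;
# blank lines and '#' comments are ignored.

BLACKLIST_FILE="${BLACKLIST_FILE:-/etc/ipf.blacklist}"  # assumed location
EXT_IF="${EXT_IF:-fxp0}"                                 # assumed external interface

# gen_block_rules FILE IFACE
# Prints "block in quick on IFACE from ENTRY to any" for every usable
# entry in FILE. Entries containing anything other than digits, dots and
# a slash are reported on stderr and skipped rather than emitted, so a
# typo in the list cannot turn into a malformed rule that aborts the load.
gen_block_rules() {
    file="$1"
    iface="$2"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$file" | grep -v '^$' |
    while read -r entry; do
        case "$entry" in
            *[!0-9./]*)
                printf 'skipping malformed entry: %s\n' "$entry" >&2
                continue
                ;;
        esac
        printf 'block in quick on %s from %s to any\n' "$iface" "$entry"
    done
}

# count_block_rules FILE IFACE
# Number of rules the blacklist would produce; handy for a sanity check
# before reloading (a sudden drop to zero usually means a broken file).
count_block_rules() {
    gen_block_rules "$1" "$2" 2>/dev/null | wc -l | tr -d ' '
}

# When run directly with a readable blacklist, print the rules. Write the
# output to a file that your main ipf configuration is built from, then
# reload with:  ipf -Fa -f /etc/ipf.conf   (flush all rules, load file)
if [ -r "$BLACKLIST_FILE" ]; then
    gen_block_rules "$BLACKLIST_FILE" "$EXT_IF"
fi
```

Because "quick" rules stop further matching, the generated block rules belong before the pass rules in the final configuration; keeping them in a separately generated file that is concatenated ahead of the hand-written rules keeps the growing blacklist out of the ruleset you edit by hand.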
