Hey folks - wondering if anyone knows of a pfsense plugin that will do
this - OR if anyone wants to take on writing it ...
We house a fairly large number of servers behind pfsense in transparent
mode as well as a few others running BGP.
Currently most of the servers are running a Nix variant (some centos,
some ubuntu etc... )
Each system has some basic ids/ips and brute force detection built in -
and uses iptables to block offending ip addresses -
What I am thinking is - having pfsense do something a bit better
if we could have the log file we have on each system automatically
update a log file on pfsense - AND then via CRON perhaps have that log
injected into the firewall on the router we could very quickly BLOCK
offending parties from reaching EVERY system in the network.
Another idea (although not 100% needed) would be to have that IP have
its traffic redirected to a simple ip in our network (on a different
server of course) that tells them they have been blocked for abuse and
to contact us via whatever method we choose (simple nginx webpage)
Any thoughts?
Thank you in advance,
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
