> On 9 Jul 2019 at 20:03, Thomas Smith <anon1...@icloud.com> wrote:
> 
> Hi,
> 
> I'm considering an option to evaluate connecting IPs before they're evaluated 
> by `pf` in order to make some decisions about the "reputation" of a 
> connecting IP. Then if that reputation is low enough, some action could 
> either be taken: in `pf` to protect the associated application (say by 
> blocking the connection); or in the app responsible for the listening port.

How about having your IP reputation system dump its data (which comes down to 
IP addresses and ranges plus associated rating) to something parseable that 
could then be loaded into whatever number of tables you need, to be used in 
your PF rules?

I imagine it wouldn’t be all that hard, depending mainly on the degree of 
clunkiness of the reputation data export. Have the data refresh (data export, 
table reload) run from a cron job however often it seems useful.

- Peter

—
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
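A concrete version of the export-then-reload loop suggested in the reply above, added here as an example and not code from the original thread: a POSIX sh script that filters a constructed CSV reputation export by score into a pf table file and loads it with pfctl. The export format, the score threshold, the table name, the file paths and the pf.conf lines are all assumptions.

```sh
#!/bin/sh
# Convert an IP reputation export into a pf table file and reload the table.
# Assumed export format (constructed for this example): one entry per line,
#   <ip-or-cidr>,<score 0-100>      lines starting with '#' are comments
# Assumed policy: any entry scoring below BAD_THRESHOLD goes into the table.
BAD_THRESHOLD=${BAD_THRESHOLD:-30}
TABLE=${TABLE:-badrep}                     # table name used in pf.conf
TABLE_FILE=${TABLE_FILE:-/etc/pf/badrep}   # file pf.conf loads the table from
# Matching pf.conf lines (assumed, not from the thread):
#   table <badrep> persist file "/etc/pf/badrep"
#   block in quick log from <badrep> to any
# and a cron entry refreshing the table every 15 minutes:
#   */15 * * * * /usr/local/sbin/reputation-to-pf.sh

# export_to_table THRESHOLD: read the export on stdin, print one address or
# CIDR per line for entries scoring below THRESHOLD. Malformed lines are
# dropped with a warning rather than passed on, because one bad line makes
# pfctl reject the whole table file and the old list would stay in force.
export_to_table() {
    awk -F, -v max="$1" '
        /^#/ || NF == 0 { next }
        NF != 2 || $2 !~ /^[0-9]+$/ {
            print "skipping malformed line: " $0 > "/dev/stderr"; next }
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
            print "skipping bad address: " $0 > "/dev/stderr"; next }
        $2 + 0 < max + 0 { print $1 }
    ' | sort -u
}

# reload_table: write the new list to a temp file, rename it into place so the
# file pf reads at boot is never half-written, then replace the live table.
reload_table() {
    tmp=$(mktemp "${TABLE_FILE}.XXXXXX") || return 1
    export_to_table "$BAD_THRESHOLD" > "$tmp" && mv "$tmp" "$TABLE_FILE" \
        && pfctl -t "$TABLE" -T replace -f "$TABLE_FILE"
}

# Constructed sample export standing in for the real reputation dump.
SAMPLE_EXPORT='# ip,score
192.0.2.10,5
198.51.100.0/24,25
203.0.113.7,90
not-an-ip,10
192.0.2.10,5'

# Only touch pf when pfctl is actually present (i.e. on the firewall itself).
if command -v pfctl >/dev/null 2>&1; then
    printf '%s\n' "$SAMPLE_EXPORT" | reload_table
fi
```

In production the `printf` of the sample would be replaced by whatever command produces the real export, and the script itself goes in the crontab.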