Hello Martin, I agree with your feature suggestion. It also applies in the context of a captive portal implementation with iptables, e.g. where you redirect incoming packets from a given source address to an advertising web site during a given period of time.
mO

--- Martin MAURER <[EMAIL PROTECTED]> wrote:
> Dear developers,
>
> I am currently developing an iptables/ip_queue based interactive
> firewall tool like those available on M$-Windows (tiny-firewall, ...)
> Recently I discussed a little bit with a friend about a feature which
> would be very nice to have in such a tool: timeouting rules. I think of
> the following situation: Somebody is portscanning my machine. For
> security reasons I want to block his access, but of course not forever.
> So it would be nice if I could do something like:
> iptables -A INPUT -s his.ip.address -timeout a_unix_timestamp -j DROP
> so that this firewall rule is deleted automatically at the given time.
> Of course it would also be possible, to implement this feature as a part
> of my tool, but I thought maybe it would be a useful extension to
> netfilter itself.
> I personally do not know a lot about netfilter internals, and so I can't
> say if this would be easy/possible to implement.
>
> greetings
> Lonestar
> Martin Maurer
> Student at the University of Linz (Austria)
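The userspace alternative mentioned in the quoted message (keeping the expiry bookkeeping in the tool rather than in netfilter), sketched as an added example that is not part of the original thread or of any netfilter code. The class name `TimedDropRules` and the injectable `run` parameter are hypothetical; only the standard `iptables -A`/`-D` forms are used, and the addresses in any test input are constructed.

```python
import heapq
import ipaddress
import subprocess
import time


class TimedDropRules:
    """Userspace bookkeeping for DROP rules that expire at a Unix timestamp."""

    def __init__(self, run=None, chain="INPUT"):
        # run is injectable so the logic can be exercised without root.
        self._run = run or (lambda argv: subprocess.run(argv, check=True))
        self._chain = chain
        self._heap = []      # (expires_at, source), earliest expiry first
        self._active = {}    # source -> current expires_at

    def _rule(self, action, source):
        # argv list, never a shell string, so the address cannot inject options.
        return ["iptables", action, self._chain, "-s", source, "-j", "DROP"]

    def block(self, source, expires_at):
        # Validate and normalise: only a literal IPv4 address reaches iptables.
        source = str(ipaddress.IPv4Address(source))
        if source not in self._active:
            self._run(self._rule("-A", source))
        # Re-blocking an address only moves its expiry; no duplicate rule.
        self._active[source] = expires_at
        heapq.heappush(self._heap, (expires_at, source))

    def expire(self, now=None):
        """Delete every rule whose timestamp has passed; return removed sources."""
        now = time.time() if now is None else now
        removed = []
        while self._heap and self._heap[0][0] <= now:
            expires_at, source = heapq.heappop(self._heap)
            # Skip stale heap entries left behind by a later re-block.
            if self._active.get(source) != expires_at:
                continue
            self._run(self._rule("-D", source))
            del self._active[source]
            removed.append(source)
        return removed
```

Calling `expire()` periodically from the tool's main loop gives the behaviour asked for; rules added this way do not survive a restart of the tool unless the heap is persisted.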