On Wed, Jan 28, 2009 at 04:12:47AM -0700, [email protected] wrote: > Is there a (reasonable/simple) way to send "shorewall drop/shorewall > allow" commands to a firewall from a machine in the DMZ? > > I have a DNS server running in my DMZ behind a three interface > shorewall firewall. I have started to see some DOS attacks on the > name server and would like to be able to automate dropping traffic > from the offending IP addresses at the firewall rather than at the > DNS server. > You could probably automate something like that using ssh and keys. However, beyond that nothing really exists. Interestingly enough, I proposed this just yesterday: http://trac.shorewall.net/wiki/ShorewallManagementDaemonProposal
Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
