Hi,
Can the shorewall rules TARPIT action be used to automatically blacklist all IP
addresses that try to connect to the tarpit ports?
Can a custom shell command be triggered/executed whenever there's an "action
match" (eg. attacker connects to a port where there's a shorewall TARPIT rule
and shorewall launches a custom shell command and passes attacker IP address as
argument)? My guess is that it can't because shorewall isn't a service and it's
launched only once to set up iptables. Correct?
So, what options do I have to automatically blacklist IP addresses that fall
into the tarpit?
Thanks,
Vieri
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
