I have my systems set up to monitor authentication failures. I want one system to be able to automatically add a firewall rule to deny a particular IP address. In the best of all worlds, that firewall rule would then expire at some time in the future.
I.e. "Failed password for root from 35.8.1.1 port 38876 ssh2" is the logged message. (And no, nobody from MSU tried this, just one of my test IPs from a very long time ago). What I'd like to do is an SSH to the OFR which would then add a firewall rule that would expire in two weeks.

    ssh vyatta.example.com /usr/local/bin/blockip 35.8.1.1 14

Any suggestions on what "blockip" might look like would be very nice.

Thanks,
-Chris
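A sketch of the argument checking and expiry bookkeeping that a "blockip" helper like the one asked about above would need, as an added example that is not part of the original post. The state-file path, the 365-day cap and all function names are assumptions, and the router-specific command that adds or removes the rule is left as a comment because the post does not give it.

```shell
#!/bin/sh
# Added example: argument checks and expiry bookkeeping for a "blockip" helper.
# STATE is a hypothetical path; the router's own rule command is not shown.
STATE="${BLOCKIP_STATE:-/var/lib/blockip.state}"

# Strict dotted quad: digits and dots only, four octets, each 0-255, no
# leading zeros (some parsers read "035" as octal).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Days: plain integer from 1 to 365 (the upper bound is an assumption).
valid_days() {
    case "$1" in ''|*[!0-9]*|0*|????*) return 1 ;; esac
    [ "$1" -le 365 ]
}

# Print "<expiry-epoch> <ip>" for a block that starts at epoch $3.
block_entry() {
    valid_ipv4 "$1" && valid_days "$2" || return 1
    echo "$(( $3 + $2 * 86400 )) $1"
}

# Print every IP in $STATE whose expiry is at or before epoch $1.
expired_ips() {
    [ -f "$STATE" ] || return 0
    while read -r expiry ip; do
        case "$expiry" in ''|*[!0-9]*) continue ;; esac
        valid_ipv4 "$ip" || continue
        if [ "$expiry" -le "$1" ]; then echo "$ip"; fi
    done < "$STATE"
}

# Usage: blockip <ip> <days>
if [ "$#" -eq 2 ]; then
    entry=$(block_entry "$1" "$2" "$(date +%s)") || { echo "blockip: bad arguments" >&2; exit 2; }
    echo "$entry" >> "$STATE"
    # The router-specific command that adds the deny rule for "$1" goes here.
fi
```

Both arguments are validated before use because the address comes from a log line and the script runs on the firewall itself. A periodic job can call expired_ips "$(date +%s)" to find the rules that are due for removal.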