One way to do it would be with an expect script that logs in and updates a firewall rule. You'd need to track locally when the rule was added, so you could then remove it, perhaps with a simple text file and a cron job.
Best,
Justin

On Fri, Feb 22, 2008 at 1:08 PM, Christopher Johnson <[EMAIL PROTECTED]> wrote:
> I have my systems set up to monitor authentication failures. I want one
> system to be able to automatically add a firewall rule to deny a particular
> IP address. In the best of all worlds, that firewall rule would then expire
> at some time in the future.
>
> I.e. "Failed password for root from 35.8.1.1 port 38876 ssh2" is the logged
> message. (And no, nobody from MSU tried this, just one of my test IPs from
> a very long time ago).
>
> What I'd like to do is an SSH to the OFR which would then add a firewall
> rule that would expire in two weeks.
>
> ssh vyatta.example.com /usr/local/bin/blockip 35.8.1.1 14
>
> Any suggestions on what "blockip" might look like would be very nice.
>
> Thanks,
> -Chris
>
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
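
A sketch of the text-file-plus-cron bookkeeping suggested in the reply, as an added example that is not code from the thread or from Vyatta. The state file path and the `FW_HOOK` command (the site's own script that actually edits the firewall, such as the expect script mentioned above) are assumptions. The address is validated strictly because it is taken from a log line before being passed over SSH.

```shell
#!/bin/sh
# blockip: add a timed block and record it; "blockip expire" (from cron) lifts old ones.
STATE_FILE=${STATE_FILE:-/var/lib/blockip/state}  # assumed path; keep it root-owned
FW_HOOK=${FW_HOOK:-echo}  # hypothetical hook: run as "$FW_HOOK add|del <ip>"

# Accept only a dotted-quad IPv4 address; the value originates in a log line.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# block_add IP DAYS: record "expiry_epoch ip" and add the rule if it is new.
block_add() {
    ip=$1 days=$2
    valid_ipv4 "$ip" || { echo "blockip: bad address" >&2; return 2; }
    case $days in ''|0*|*[!0-9]*) echo "blockip: bad day count" >&2; return 2 ;; esac
    expiry=$(( $(date +%s) + $days * 86400 ))
    touch "$STATE_FILE"
    known=$(awk -v ip="$ip" '$2 == ip' "$STATE_FILE")
    # Re-blocking an address replaces its entry, which extends the expiry.
    awk -v ip="$ip" '$2 != ip' "$STATE_FILE" > "$STATE_FILE.tmp"
    echo "$expiry $ip" >> "$STATE_FILE.tmp"
    mv "$STATE_FILE.tmp" "$STATE_FILE"
    [ -n "$known" ] || $FW_HOOK add "$ip"
}

# block_expire [NOW]: remove rules whose expiry has passed, keep the rest.
block_expire() {
    now=${1:-$(date +%s)}
    [ -f "$STATE_FILE" ] || return 0
    for ip in $(awk -v now="$now" '$1 <= now { print $2 }' "$STATE_FILE"); do
        $FW_HOOK del "$ip"
    done
    awk -v now="$now" '$1 > now' "$STATE_FILE" > "$STATE_FILE.tmp"
    mv "$STATE_FILE.tmp" "$STATE_FILE"
}

case ${1:-} in
    '') ;;                       # no arguments: nothing to do
    expire) block_expire ;;      # e.g. hourly from cron
    *) block_add "$1" "${2:-}" ;;
esac
```
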