Hi Justin,

   How about a script that lives on the Vyatta itself?  I'm no scripting wizard 
by any means, but I imagine that by sitting on the Vyatta you can parse the 
logfiles, modify the config file and load it pretty easily, right?

   Just a thought from the peanut gallery ;)

Take care,

Allan

----- Original Message -----
From: "Justin Fletcher" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Friday, February 22, 2008 1:28:29 PM (GMT-0800) America/Los_Angeles
Subject: Re: [Vyatta-users] Adding Firewall rules remotely

One way to do it would be with an expect script that logs in and
updates a firewall rule.
You'd need to track locally when the rule was added, so you could then
remove it, perhaps with a simple text file and a cron job.

Best,
Justin

On Fri, Feb 22, 2008 at 1:08 PM, Christopher Johnson <[EMAIL PROTECTED]> wrote:
> I have my systems set up to monitor authentication failures.  I want one
> system to be able to automatically add a firewall rule to deny a particular
> IP address.  In the best of all worlds, that firewall rule would then expire
> at some time in the future.
>
> I.e. "Failed password for root from 35.8.1.1 port 38876 ssh2" is the logged
> message.  (And no, nobody from MSU tried this, just one of my test IPs from
> a very long time ago).
>
> What I'd like to do is an SSH to the OFR which would then add a firewall
> rule that would expire in two weeks.
>
> ssh vyatta.example.com /usr/local/bin/blockip 35.8.1.1 14
>
> Any suggestions on what "blockip" might look like would be very nice.
>
> Thanks,
> -Chris
>
>
> _______________________________________________
>  Vyatta-users mailing list
>  Vyatta-users@mailman.vyatta.com
>  http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>
>
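
A sketch of the bookkeeping behind the "blockip" idea discussed in this thread, as an added example that is not code from any poster or from Vyatta: it validates the address and day count that would arrive over SSH and keeps the text file of expiries that a cron job could sweep. The function names and the "ip expiry_epoch" file format are assumptions, and the firewall change itself is left to the caller.

```python
import ipaddress
import re
import time

DAY = 86400
# Matches the sshd failure line quoted in the thread.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+ ssh2")

def clean_ip(text):
    """Return a canonical IPv4 string; ValueError on input like '35.8.1.1; reboot'."""
    return str(ipaddress.IPv4Address(text))

def extract_ip(log_line):
    """Pull the source address out of a failure line, or None if absent or malformed."""
    m = FAILED_RE.search(log_line)
    if not m:
        return None
    try:
        return clean_ip(m.group(1))
    except ValueError:
        return None

def add_block(state, ip, days, now=None):
    """Record ip -> expiry epoch. Arguments arrive over SSH, so validate both."""
    addr, days = clean_ip(ip), int(days)
    if not 1 <= days <= 365:
        raise ValueError("days must be between 1 and 365")
    now = int(time.time() if now is None else now)
    state[addr] = max(state.get(addr, 0), now + days * DAY)  # never shorten a block
    return state

def expire(state, now=None):
    """Drop entries whose expiry has passed; return the addresses to unblock."""
    now = int(time.time() if now is None else now)
    gone = sorted(ip for ip, until in state.items() if until <= now)
    for ip in gone:
        del state[ip]
    return gone

def dump(state):
    """Serialise to the text-file format: one 'ip expiry_epoch' pair per line."""
    return "".join(f"{ip} {until}\n" for ip, until in sorted(state.items()))

def load(text):
    """Parse the text file back, re-validating every field."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return {clean_ip(ip): int(until) for ip, until in rows}
```

The caller would apply the firewall rule after `add_block` succeeds and remove it for each address that `expire` returns.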