You certainly could (unlike other router vendors :-) ); the trade-off is where you'd like to put the application and data, and ensure you keep a copy if you re-install the ISO! If you're managing multiple systems, you'd probably want to go with an external application.

Of course, if you've installed a local application/script, you can run it on a scheduled basis using cron, and you have direct access to the log files. You could even directly modify iptables rather than updating the configuration, which would ensure that the temporary rules were cleared on a system reboot.

Justin

On Fri, Feb 22, 2008 at 1:36 PM, Allan Leinwand <[EMAIL PROTECTED]> wrote:
> Hi Justin,
>
> How about a script that lives on the Vyatta itself? I'm no scripting
> wizard by any means, but I imagine that by sitting on the Vyatta you can
> parse the logfiles, modify the config file and load it pretty easily, right?
>
> Just a thought from the peanut gallery ;)
>
> Take care,
>
> Allan
>
>
> ----- Original Message -----
> From: "Justin Fletcher" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Sent: Friday, February 22, 2008 1:28:29 PM (GMT-0800) America/Los_Angeles
> Subject: Re: [Vyatta-users] Adding Firewall rules remotely
>
> One way to do it would be with an expect script that logs in and
> updates a firewall rule.
> You'd need to track locally when the rule was added, so you could then
> remove it, perhaps with a simple text file and a cron job.
>
> Best,
> Justin
>
> On Fri, Feb 22, 2008 at 1:08 PM, Christopher Johnson <[EMAIL PROTECTED]> wrote:
> > I have my systems set up to monitor authentication failures. I want one
> > system to be able to automatically add a firewall rule to deny a particular
> > IP address. In the best of all worlds, that firewall rule would then expire
> > at some time in the future.
> >
> > I.e. "Failed password for root from 35.8.1.1 port 38876 ssh2" is the logged
> > message. (And no, nobody from MSU tried this, just one of my test IPs from
> > a very long time ago).
> >
> > What I'd like to do is an SSH to the OFR which would then add a firewall
> > rule that would expire in two weeks.
> >
> > ssh vyatta.example.com /usr/local/bin/blockip 35.8.1.1 14
> >
> > Any suggestions on what "blockip" might look like would be very nice.
> >
> > Thanks,
> > -Chris
> >
> > _______________________________________________
> > Vyatta-users mailing list
> > Vyatta-users@mailman.vyatta.com
> > http://mailman.vyatta.com/mailman/listinfo/vyatta-users
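As an added illustration of what a local "blockip" along the lines discussed in this thread could look like (this is example code written for this page, not a script from Vyatta or from any of the posters): it validates the address before it ever reaches iptables, records each block with an expiry timestamp in a plain text state file, and, when run from cron with --expire, removes the rules whose time is up. Rules go straight into the iptables INPUT chain rather than the Vyatta configuration, so they disappear on reboot as Justin describes. The state-file path, the iptables path, the failure threshold for --scan and the sshd log format are my assumptions; the pure functions can be exercised without iptables present.

```python
"""blockip: add a temporary iptables DROP for a source IP, expire it later.

Usage (assumed interface):
    blockip 35.8.1.1 14        # block 35.8.1.1 for 14 days
    blockip --expire           # from cron: remove blocks whose time is up
    blockip --scan < auth.log  # block sources with >= THRESHOLD ssh failures
"""
import collections
import ipaddress
import re
import subprocess
import sys
import time
from pathlib import Path

# Assumed locations and policy; adjust for the system this runs on.
STATE_FILE = Path("/var/lib/blockip/blocked.tsv")   # "ip<TAB>expiry_epoch" per line
IPTABLES = "/sbin/iptables"
THRESHOLD = 5        # failures per source before --scan blocks it
DEFAULT_DAYS = 14

# Matches sshd lines such as the one quoted in the thread:
# "Failed password for root from 35.8.1.1 port 38876 ssh2"
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+ ssh2")


def parse_failed_logins(lines):
    """Return the source IPv4 address of every matching 'Failed password' line.

    Anything that is not a syntactically valid IPv4 address is skipped, so log
    content can never turn into an iptables argument.
    """
    ips = []
    for line in lines:
        m = FAILED_RE.search(line)
        if not m:
            continue
        try:
            ips.append(str(ipaddress.IPv4Address(m.group(1))))
        except ValueError:
            continue
    return ips


def load_state(text):
    """Parse the state file body ('ip<TAB>expiry' lines) into {ip: expiry_epoch}."""
    state = {}
    for line in text.splitlines():
        if line.strip():
            ip, expiry = line.split("\t")
            state[ip] = int(expiry)
    return state


def dump_state(state):
    """Serialise {ip: expiry_epoch} back to the state file format."""
    return "".join(f"{ip}\t{exp}\n" for ip, exp in sorted(state.items()))


def add_block(state, ip, days, now):
    """Record a block on `ip` that expires `days` after `now` (epoch seconds).

    Returns the iptables argv that installs the rule, or None if the IP is
    already blocked (in which case only the expiry is extended, never shortened).
    Raises ValueError for anything that is not an IPv4 address.
    """
    ip = str(ipaddress.IPv4Address(ip))
    already = ip in state
    state[ip] = max(state.get(ip, 0), now + days * 86400)
    if already:
        return None
    return [IPTABLES, "-I", "INPUT", "-s", ip, "-j", "DROP"]


def expire_blocks(state, now):
    """Remove every entry whose expiry has passed; return the argv list that deletes each rule."""
    cmds = []
    for ip, exp in list(state.items()):
        if exp <= now:
            del state[ip]
            cmds.append([IPTABLES, "-D", "INPUT", "-s", ip, "-j", "DROP"])
    return cmds


def main(argv):
    now = int(time.time())
    state = load_state(STATE_FILE.read_text()) if STATE_FILE.exists() else {}
    if argv[1:] == ["--expire"]:
        cmds = expire_blocks(state, now)
    elif argv[1:] == ["--scan"]:
        counts = collections.Counter(parse_failed_logins(sys.stdin))
        cmds = [add_block(state, ip, DEFAULT_DAYS, now)
                for ip, n in counts.items() if n >= THRESHOLD]
    elif len(argv) == 3:
        cmds = [add_block(state, argv[1], int(argv[2]), now)]
    else:
        print("usage: blockip <ip> <days> | --expire | --scan < logfile", file=sys.stderr)
        return 2
    for cmd in cmds:
        if cmd:
            subprocess.run(cmd, check=True)   # argv list: no shell involved
    STATE_FILE.parent.mkdir(parents=True, exist_ok=True)
    STATE_FILE.write_text(dump_state(state))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the state file, not the running rule set, is the record of what was added and when, a reboot that wipes the iptables rules is harmless: --expire will attempt to delete rules that are already gone, which iptables reports as an error, so a production version would want to ignore that particular failure or reconcile the file against `iptables -S INPUT` first.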