Well, I don't like following up on my own postings. What I found was something in "iptables". The "recent" module.
Used the CLI to generate a new firewall rule set named "crackers." I added a single source IP to that table just to have something there. Then I used "iptables -I crackers -m recent --name badguys --rcheck -j DROP" to add the extra rule.

Now, to add a bad guy to the list, all I do, as root, is echo xx.xx.xx.xx >/net/ipt_recent/badguys and they are blocked.

I've not made all the things work the way I want, such as having --seconds work so that the table automatically clears after a certain amount of time. Still a work in progress though.

Best,
-Chris

On Fri, Feb 22, 2008 at 5:29 PM, Christopher Johnson <[EMAIL PROTECTED]> wrote:
> Wow, lots of good responses in a hurry.
>
> Thank you.
>
> First, I have many systems and when somebody attacks, I want to close the
> network off to that IP, not just a single machine. That implies that I can
> not use IPTABLES directly. Though I did give thought to adding that type of
> rule to all systems. It turns out that is not a good choice because some of
> my systems are not Linux.
>
> Using Zenoss command, I have no problem parsing the actual syslog message
> and converting that to a source IP address.
>
> So, I'm now in the position that a script is running under vbash on the
> OFR. I guess what I was looking for was more in line with the CLI commands
> within the script to actually effect the firewalling.
>
> I.e.
> configure
> set firewall ....
> commit
> exit
>
> Under the webgui of VC3 I remember that there was a way to make a list of
> addresses to add to a firewall rule, I've not found that under VC4.
>
> Sorry if this is a bit disjoint.
>
> Best,
> -Chris
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
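A small wrapper around the recent-module blocklist described in the post, added here as an example (not Chris's own commands): it validates the address a log parser hands over before writing it to the table, and shows the --seconds form for the time-based expiry he hadn't got working. The "crackers" chain, "badguys" list name and the ipt_recent proc interface come from the post; the 3600-second default, the RECENT_TABLE override and the valid_ipv4/print_rules/block_ip names are assumptions.

```shell
#!/bin/sh
# Added example wrapping the iptables "recent" module blocklist from the post.
# Assumes the ipt_recent proc interface at /proc/net/ipt_recent/<name>
# (newer kernels expose it as /proc/net/xt_recent/<name>). RECENT_TABLE can be
# overridden so the functions can be exercised without root.
RECENT_TABLE="${RECENT_TABLE:-/proc/net/ipt_recent/badguys}"

# Accept only a well-formed dotted-quad IPv4 address; reject anything a syslog
# parser might hand over by mistake (hostnames, shell metacharacters, empty).
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|"") return 1 ;;
    esac
    oldIFS=$IFS; IFS=.
    set -- $1
    IFS=$oldIFS
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set with expiry: --rcheck --seconds N only matches an address
# that was added less than N seconds ago, so old entries stop being dropped
# without anyone having to clear the table (assumed default: one hour).
print_rules() {
    ttl="${1:-3600}"
    printf 'iptables -N crackers\n'
    printf 'iptables -I crackers -m recent --name badguys --rcheck --seconds %s -j DROP\n' "$ttl"
    printf 'iptables -I INPUT -j crackers\n'
}

# Add one address to the recent list ("+" adds or refreshes, "-" would remove).
block_ip() {
    valid_ipv4 "$1" || { echo "refusing to block malformed address: $1" >&2; return 1; }
    echo "+$1" > "$RECENT_TABLE"
}
```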