
Dynamic iptables

  • 17-02-2004 3:01pm
    #1
    Banned (with Prison Access) Posts: 13,018 ✭✭✭✭


    Is there an easy way to update your iptables rather than having to statically insert new rules as needs be?
    I'm using Snort, so I want the alerts that are logged by Snort to be inserted dynamically into the rulebase.
    I could work from MySQL or syslog here (the destination of the logs).
    Want to try and make an intelligent firewall here.


Comments

  • Closed Accounts Posts: 5,564 ✭✭✭Typedef


    portsentry does that kind of thing... but, it's generally regarded as bad form.


  • Registered Users, Registered Users 2 Posts: 4,487 ✭✭✭Gerry


    You seem to be operating on an allow all, deny some policy. Surely you should be denying all incoming connection attempts, and making exceptions (e.g. if you have a server that outsiders need to connect to, or for DCCs or whatever).

    If the connection is a shared one, you may want to restrict your outgoing access in a similar fashion.


  • Banned (with Prison Access) Posts: 13,018 ✭✭✭✭jank


    It's for a project.
    I've heard of SnortSam; it's kind of like a plugin for Snort that you configure, and it will update iptables as the alerts come in. It will also let me state IP addresses like gateways and SMTP servers etc.

    I have also found a script with which you can deny an IP address very simply:
    just do #ipdrop 172.68.x.x yes and that will deny all traffic from that address, and just run the script again with a no variable at the end.

    How could I get a script to look through an alert generated by Snort, look out for an IP address, and take that IP address and send it to another script?

    I would like to see if it is possible to get one script to run another and pass a parameter or two (yeah, you guessed it, an IP address or something like a port number) to that script. Don't see why it wouldn't, tbh.

    Right, I'm talking rubbish now :)
    There are programs out there that will do it for me, but I would like to have more involvement in it rather than just install and configure!
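
An added example, not part of any post in this thread and not SnortSam's or ipdrop's own code: a Python script that reads Snort alert lines, pulls out the source address, skips addresses that must never be blocked, and passes each remaining one to another script as a parameter. It assumes the alerts carry Snort's `{PROTO} src:port -> dst:port` field and that the blocking script is called as `ipdrop <ip> yes`, as quoted in the post; the sample alerts and the never-block list are constructed.

```python
import ipaddress
import re
import subprocess

# Constructed sample lines in Snort's "fast" alert layout (not from a real sensor).
SAMPLE_ALERTS = """\
02/17-15:01:12.123456  [**] [1:1000001:1] Constructed scan alert [**] [Priority: 2] {TCP} 203.0.113.45:4444 -> 192.0.2.10:22
02/17-15:01:13.000001  [**] [1:1000002:1] Constructed SMTP alert [**] [Priority: 3] {TCP} 192.0.2.25:25 -> 192.0.2.10:1025
02/17-15:01:14.000002  [**] [1:1000003:1] Constructed ping alert [**] [Priority: 3] {ICMP} 203.0.113.45 -> 192.0.2.10
02/17-15:01:15.000003  [**] [1:1000004:1] Constructed bad line [**] {TCP} 999.1.1.1:80 -> 192.0.2.10:80
"""

# Addresses that must never be blocked (gateway, SMTP server, loopback): assumed values.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.1/32", "192.0.2.25/32", "127.0.0.0/8")]

# The source address is the token after "{PROTO}", optionally followed by ":port".
SRC_RE = re.compile(r"\{\w+\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

def source_ips(alert_text):
    """Yield every syntactically valid IPv4 source address in the alert text."""
    for m in SRC_RE.finditer(alert_text):
        try:
            yield ipaddress.ip_address(m.group(1))  # rejects e.g. 999.1.1.1
        except ValueError:
            continue

def addresses_to_block(alert_text, never_block=NEVER_BLOCK):
    """Return unique source IPs in first-seen order, minus the never-block list."""
    seen = []
    for ip in source_ips(alert_text):
        if any(ip in net for net in never_block) or ip in seen:
            continue
        seen.append(ip)
    return [str(ip) for ip in seen]

def block_commands(alert_text, script="ipdrop"):
    """Build one argv list per address; passing a list means no shell parses it."""
    return [[script, ip, "yes"] for ip in addresses_to_block(alert_text)]

def run(alert_text, dry_run=True):
    for argv in block_commands(alert_text):
        if dry_run:
            print("would run:", " ".join(argv))
        else:
            subprocess.run(argv, check=True)  # needs root and ipdrop on PATH

if __name__ == "__main__":
    run(SAMPLE_ALERTS)
```

Source addresses in an alert can be forged, so the never-block list is what keeps a crafted packet from making the firewall drop your own gateway or mail server.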

