[Dshield] adaptive firewall...
Chris Brenton
cbrenton at chrisbrenton.org
Thu Nov 11 10:49:11 GMT 2004
On Wed, 2004-11-10 at 23:36, Johannes B. Ullrich wrote:
>
> Well, this is some topic where Linux and iptables shine. For a great paper,
> see: http://www.stearns.org/doc/adaptive-firewalls.current.html
Agreed, iptables is the way to go. Bill talks about doing just what you
need with the "recent" module. Another possibility is to simply use rate
limiting. Something like:
iptables -A FORWARD -i eth0 -m limit --limit 5/minute -p tcp -m state \
    --state NEW -d 1.2.3.4 --dport 25 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp -d 1.2.3.4 --dport 25 -j REJECT \
    --reject-with icmp-host-unreachable
Process the state table before these rules and keep them in this exact
order. You will be set to go. :)
> Bill Stearns, the author of this paper, got a couple other interesting
> writings on his site.
*Totally* agree. Bill has some awesome tools as well as some great write-ups
on using common tools like Netcat and SSH. I must mention his site in class
at least a dozen times. ;-)
HTH,
Chris