[ale] automating IP blocking on the firewall
Keith Hopkins
hne at hopnet.net
Sun Jun 30 10:58:38 EDT 2002
James P. Kinney III wrote:
> I wrote just the thing during the nimba worm heyday.
>
> GPL'ed of course! Directions are in the header.
>
> On Fri, 2002-06-28 at 23:16, Keith Hopkins wrote:
>
>> I'm still constantly getting hit on my web server (apache/linux) by the nimda viri. I'd like to have my web server go over it's error logs occationally, and send a list of IP address to the firewall (iptables/linux). Then I'd like to have the firewall block those IP on the incoming interface for N days.
>>
>> Has anyone done anything like this, or know of a package that would make this easier to do? Or, if I end up writing this myself, any suggestions on helpful perl routines?
>>
Hi James,
Thanks for the kickstart. Now, I just have to hack it into two parts: one for the firewall machine, and one for web server.
--
Lost in Tokyo,
Keith
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list