Two questions/proposals for the netfilter core developers

Lee Evans
Thu, 25 Oct 2001 20:21:38 +0100

>The string match option was just an example. The idea was to match
>something (like a portscan) and then dynamically drop new connections
>from the host that made the portscan, and so avoid other portscans or
>an attack from that host. This kind of new target would be useful if you
>have a machine and don't have time to check the logs for clues about
>portscans and then to find the IP from where the portscan came and then to
>add a rule to iptables that drops connections from that IP.
>I hope now I made myself understood.

Take a look at portsentry - that will monitor for portscans and
dynamically update your firewall as you suggest.

Lee Evans |
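The workflow the quoted mail describes (spot a portscan in the logs, find the source IP, add a DROP rule for it) can be shown in a few lines of shell. This is an added example, not code from the thread and not portsentry's own logic; it assumes iptables LOG-target lines in the kernel's `SRC=... DPT=...` format, and the sample lines are constructed. It counts how many distinct destination ports each source hit and emits a DROP rule for any source over a threshold, printing the rules rather than applying them so it can be reviewed first.

```shell
#!/bin/sh
# Constructed sample of iptables LOG-target output (hypothetical hosts in
# the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 documentation ranges).
# 192.0.2.10 probes five different ports (22 twice); 203.0.113.7 only hits 80.
SAMPLE_LOG='Oct 25 20:00:01 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=21 SYN
Oct 25 20:00:01 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=22 SYN
Oct 25 20:00:01 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40003 DPT=22 SYN
Oct 25 20:00:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40004 DPT=23 SYN
Oct 25 20:00:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40005 DPT=25 SYN
Oct 25 20:00:03 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40006 DPT=80 SYN
Oct 25 20:00:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=80 SYN
Oct 25 20:00:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51001 DPT=80 SYN'

# scan_sources THRESHOLD: read LOG lines on stdin and print, one per line,
# every SRC= address that was logged against at least THRESHOLD distinct
# DPT= values. Repeated hits on the same port count once, so a busy but
# legitimate client of a single service is not flagged.
scan_sources() {
  thr="$1"
  awk -v thr="$thr" '
    {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      # count each (source, port) pair only the first time it is seen
      if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
    }
    END { for (s in ports) if (ports[s] >= thr) print s }
  ' | sort
}

# drop_rules THRESHOLD: turn the flagged sources into iptables commands.
# Output is printed, not executed; review it, then run it as root
# (e.g. "... | drop_rules 4 | sh") if the list looks right.
drop_rules() {
  scan_sources "$1" | while read -r ip; do
    printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
  done
}

# Stand-alone usage: flag anything that touched 4 or more distinct ports.
printf '%s\n' "$SAMPLE_LOG" | drop_rules 4
```

The threshold is the tuning knob: too low and a client that legitimately uses a few services gets blocked, too high and a slow scan slips through. Inserting with `-I` puts the rule ahead of any ACCEPT rules, which is what makes the block take effect for new connections; the same logic can be pointed at `/var/log/messages` or wherever the LOG target writes on the box in question.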