Two questions/proposals for the netfilter core developers
Thu, 25 Oct 2001 20:21:38 +0100
>The string match option was just an example. The idea was to match
>something (like a portscan) and then dynamically drop new connections
>from the host that made the portscan, and so avoid further portscans or
>an attack from that host. This kind of new target would be useful if you
>have a machine and don't have time to check the logs for clues about
>portscans and then to find the IP from where the portscan came and then to
>add a rule to iptables that drops connections from that IP.
>I hope now I have made myself understood.
Take a look at portsentry - that will monitor for portscans and
dynamically update your firewall as you suggest.
Lee Evans | http://www.leeevans.org
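The mechanism discussed above (spot a portscan, then drop the scanning host at the firewall) as an added example that is not part of the original thread and is not portsentry's or netfilter's own code. It assumes the firewall already logs incoming SYNs with the LOG target, parses those kernel log lines to count distinct destination ports per source address, and prints the iptables DROP rules for any source over a threshold instead of running them, so the script works without root or netfilter. The log lines, the threshold, the chain name and the addresses are all constructed for the example.

```shell
#!/bin/sh
# Added example, not from the netfilter thread or from portsentry.
# Reads LOG-target kernel lines, finds sources that probed many distinct
# ports, and emits the iptables rules that a monitor would insert.

# Constructed sample of what `iptables -A INPUT -p tcp --syn -j LOG --log-prefix "IN: "`
# writes to the kernel log (fields abridged to those used below).
# 10.0.0.5 sweeps six ports, 10.0.0.9 is ordinary web traffic,
# 10.0.0.7 retransmits one SYN and sends a ping (no DPT field at all).
SAMPLE_LOG='Oct 25 20:21:38 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=21 SYN
Oct 25 20:21:38 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.1 PROTO=TCP SPT=40002 DPT=22 SYN
Oct 25 20:21:38 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.1 PROTO=TCP SPT=40003 DPT=23 SYN
Oct 25 20:21:38 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.1 PROTO=TCP SPT=40004 DPT=25 SYN
Oct 25 20:21:38 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.1 PROTO=TCP SPT=40005 DPT=80 SYN
Oct 25 20:21:38 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.1 PROTO=TCP SPT=40006 DPT=110 SYN
Oct 25 20:21:39 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.9 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=80 SYN
Oct 25 20:21:40 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.9 DST=192.0.2.1 PROTO=TCP SPT=51001 DPT=80 SYN
Oct 25 20:21:41 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.9 DST=192.0.2.1 PROTO=TCP SPT=51002 DPT=443 SYN
Oct 25 20:21:42 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.7 DST=192.0.2.1 PROTO=TCP SPT=33000 DPT=22 SYN
Oct 25 20:21:45 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.7 DST=192.0.2.1 PROTO=TCP SPT=33000 DPT=22 SYN
Oct 25 20:21:51 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.7 DST=192.0.2.1 PROTO=TCP SPT=33000 DPT=22 SYN
Oct 25 20:21:52 fw kernel: IN: IN=eth0 OUT= SRC=10.0.0.7 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0'

# Assumption: a source that touches this many distinct ports is a scanner.
THRESHOLD=5

# find_scanners LOGTEXT [THRESHOLD]
# Prints, one per line and sorted, every SRC that hit at least THRESHOLD
# distinct DPT values. Lines without both fields (e.g. ICMP) are ignored,
# and repeated SYNs to the same port count once.
find_scanners() {
    printf '%s\n' "$1" |
    sed -n 's/.*SRC=\([0-9.]*\).*DPT=\([0-9]*\).*/\1 \2/p' |
    sort -u |
    awk -v t="${2:-$THRESHOLD}" '{ n[$1]++ } END { for (s in n) if (n[s] >= t) print s }' |
    sort
}

# block_rules LOGTEXT [THRESHOLD]
# Prints the rule to insert at the head of INPUT for each scanner. The
# commands are printed rather than executed so the example runs anywhere;
# pipe the output to sh on the firewall to apply them.
block_rules() {
    find_scanners "$1" "$2" | while read -r src; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$src"
    done
}

# Stand-alone run: show what would be applied for the constructed log.
block_rules "$SAMPLE_LOG"
```

One caveat any such automatic blocker shares with portsentry: the source address of a SYN is not authenticated, so an attacker who spoofs packets from an address you depend on can have this script lock that address out. A whitelist of hosts that must never be dropped, and an expiry for the inserted rules, belong in anything run unattended.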