Two questions/proposals for the netfilter core developers

Lee Evans lee@vital.co.uk
Thu, 25 Oct 2001 20:21:38 +0100


>
>The string match option was just an example. The idea was to match
>something (like a portscan) and then dynamically drop new connections
>from the host that made the portscan, and so avoid other portscans or
>an attack from that host. This kind of new target would be useful if you
>have a machine and don't have time to check the logs for clues about
>portscans and then to find the IP from where the portscan came and then to
>add a rule to iptables that drops connections from that IP.
>
>I hope now I made myself understood.
>

Take a look at portsentry - that will monitor for portscans and
dynamically update your firewall as you suggest.
<http://www.psionic.com/abacus/portsentry>

Regards
Lee
-- 
Lee Evans | http://www.leeevans.org
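As an added example (not code from either poster or from portsentry), a defender-side sketch of the two steps the quoted message describes: count distinct destination ports per source address in iptables LOG output, then emit the drop rule that would be added for any host over a threshold. The log lines, addresses, interface name and threshold are all constructed for illustration; the rule is printed, not executed.

```shell
#!/bin/sh
# Constructed sample of iptables LOG target output (not real traffic):
# one host probes six different ports, another legitimately retries port 80.
SAMPLE_LOG='Oct 25 20:21:38 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=22 SYN
Oct 25 20:21:38 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=23 SYN
Oct 25 20:21:38 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=25 SYN
Oct 25 20:21:39 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40003 DPT=80 SYN
Oct 25 20:21:39 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40004 DPT=443 SYN
Oct 25 20:21:39 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40005 DPT=8080 SYN
Oct 25 20:21:40 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=80 SYN
Oct 25 20:21:41 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51001 DPT=80 SYN
Oct 25 20:21:42 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51002 DPT=80 SYN'

# scanners LOG THRESHOLD
# Prints, one per line and sorted, every SRC address that was logged
# hitting at least THRESHOLD *distinct* destination ports. Repeated hits
# on the same port (normal retries) count once, so a busy legitimate
# client is not flagged.
scanners() {
  printf '%s\n' "$1" |
    sed -n 's/.*SRC=\([0-9.]*\) .*DPT=\([0-9]*\).*/\1 \2/p' |   # -> "SRC DPT"
    sort -u |                                                 # unique (src, port) pairs
    awk -v t="$2" '{ c[$1]++ } END { for (s in c) if (c[s] >= t) print s }' |
    sort
}

# drop_rule IP
# The iptables rule the quoted poster wants added automatically. It is only
# printed here so the output can be reviewed before anything is changed.
drop_rule() {
  printf 'iptables -I INPUT -s %s -j DROP\n' "$1"
}

# Usage: flag sources over 5 distinct ports and show the rules that would follow.
scanners "$SAMPLE_LOG" 5 | while read -r ip; do drop_rule "$ip"; done
```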