Re: NIMDA Virus

From: Stanley Hopcroft <Stanley.Hopcroft@IPAustralia.gov.au>
Date: 19 Sep 2001 19:31:06
Subject: Re: NIMDA Virus
Message-ID: 20010920123031.F5729@IPAustralia.Gov.AU

Dear Ladies and Gentlemen,

Here is an attempt at an ipfw equivalent of Mr Gleiser's auto-adding of
ipfilter rules.

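#!/usr/bin/perl -w

use strict ;

# Follow the Apache access log through a pipe from tail -f.
my $logfile="tail -f /usr/local/apache/logs/pericles.aipo.gov.au-access_log |";
my $if="fxp0";
my $ipfw_filename = "/root/ipfw_msiis" ;
my %reset ;    # clients that already have a reset rule


open(LOG, $logfile) or die "can't open $logfile as pipe: $!";


while (<LOG>) {
    # The first field of the log line is the client; match the
    # winnt ... cmd.exe request.
    if ($_=~/^([^\s]+).*GET.+winnt.+cmd\.exe/) {

        # Add a rule only the first time a client is seen.
        unless ( $reset{$1}++ ) {
            open(FW, "> $ipfw_filename") or die "Can't open $ipfw_filename: $!" ;

            print FW "add reset tcp from $1 to any via $if\n" ;
#           print FW "block return-rst in quick on $if proto tcp from $1 to any";
            close FW;

            # system returns non-zero on failure; the status is in $?, not $!.
            system "/sbin/ipfw $ipfw_filename" and die "ipfw rules failed: $?" ;

        }
    }
}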

Use at your own risk/peril of course.

Yours sincerely.

--
------------------------------------------------------------------------
Stanley Hopcroft IP Australia
Network Specialist
+61 2 6283 3189 +61 2 6281 1353 (FAX) Stanley.Hopcroft@IPAustralia.Gov.AU
------------------------------------------------------------------------
Parkinson's Fourth Law:
The number of people in any working group tends to increase
regardless of the amount of work to be done.
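
A variant of the matching step in the script above, as an added example that is not part of the original message: it accepts the client field only when it is a dotted-quad IPv4 address before building the ipfw rule text, because with Apache's HostnameLookups enabled that field is a resolved name rather than an address. The helper name probe_source and the log lines are constructed for illustration, and the rules are printed instead of being passed to ipfw.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $if = "fxp0";    # interface name taken from the script above

# Hypothetical helper: return the client address if the line is a
# winnt/cmd.exe probe sent from a well-formed IPv4 address, else nothing.
sub probe_source {
    my ($line) = @_;
    return unless $line =~ m{^(\S+) .*"GET \S*winnt\S*cmd\.exe}i;
    my $client = $1;

    # Accept only four decimal octets in 0..255; names and malformed
    # values never reach the firewall rule.
    my @octets = $client =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return unless @octets == 4;
    return if grep { $_ > 255 } @octets;
    return $client;
}

# Constructed sample lines in Apache common log format (not real traffic).
my @sample = (
    '192.0.2.10 - - [19/Sep/2001:12:00:01 +1000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '192.0.2.10 - - [19/Sep/2001:12:00:02 +1000] "GET /msadc/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '198.51.100.7 - - [19/Sep/2001:12:00:05 +1000] "GET /index.html HTTP/1.0" 200 1043',
    'host.example.net - - [19/Sep/2001:12:00:09 +1000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '203.0.113.999 - - [19/Sep/2001:12:00:11 +1000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
);

my %seen;
for my $line (@sample) {
    my $src = probe_source($line);
    next unless defined $src;
    next if $seen{$src}++;    # one rule per address, as in the original script
    print "add reset tcp from $src to any via $if\n";
}
```

Run against the sample lines, only 192.0.2.10 yields a rule: the repeat request is deduplicated, and the hostname and the out-of-range address are skipped.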
