Fwd: temporary IP addition to firewall rules

Guillermo Garron guillermo.fedora at gmail.com
Mon Feb 5 02:35:02 UTC 2007


Hi, this could maybe be interesting for Ubuntu list readers, as it
was originally posted to the Ubuntu and Fedora lists, and a good answer
came from the Fedora list. I am top-posting this because it has
nothing to do with the original post. Please read the whole thread
from here.
regards,
Guillermo.

---------- Forwarded message ----------
From: Mike Wright <xktnniuymlla at mailinator.com>
Date: Feb 4, 2007 2:53 PM
Subject: Re: temporary IP addition to  firewall rules
To: lists at spider-security.net, For users of Fedora <fedora-list at redhat.com>


Nathaniel Hall wrote:
> Noah wrote:
>
>>Does anybody have a recommendation for a program out there that would
>>allow somebody to enter an account and password on my website, their
>>IP address is cached, and the cached IP address is added temporarily
>>to the firewall ruleset to be allowed.
>
> I have actually considered doing almost exactly the same thing.  What I
> was planning on doing was writing a php page that the user would log in
> with.  When they do, then php would run a system command using their IP
> to add a netfilter (iptables) firewall rule.  There would then be a cron
> job that runs daily to restart the firewall, thus the added rules would
> be removed.
>

Hi All,

This sounds like a perfect match for ipset.

A single iptables rule could refer to the set and the firewall wouldn't
have to be restarted.  Addresses could be added and removed from the set
to provide dynamic access control.  (I use this technique to block
miscreants automatically; their own actions put them into the set
without any manual intervention on my part.)

Note that it would require rolling your own kernel.

http://ipset.netfilter.org

:m)



-- 
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
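
Added example, not part of the original posts: a sketch of the ipset approach suggested in the thread, written against current ipset/iptables syntax, where per-entry timeouts take the place of the daily firewall restart. The set name, port, TTL and the DRY_RUN switch are hypothetical; the address is validated before it reaches any command because the login page passes it to a system call.

```shell
#!/bin/sh
# Added example (not from the thread): time-limited allow-list with ipset.
# SET, PORT, TTL and DRY_RUN are hypothetical names/values for illustration.
SET=web_allowed          # set holding the currently allowed client addresses
PORT=22                  # service that only logged-in clients may reach
TTL=3600                 # seconds before an entry expires on its own
DRY_RUN=${DRY_RUN:-1}    # 1 = print commands only; 0 = execute (needs root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Accept only a strict dotted-quad IPv4 address. CIDR ranges, extra options
# and shell metacharacters are rejected before any command is built.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Run once: a set whose entries expire, and ONE iptables rule that refers
# to it. The firewall is never restarted afterwards.
setup() {
    run ipset -exist create "$SET" hash:ip timeout "$TTL"
    run iptables -I INPUT -p tcp --dport "$PORT" -m set --match-set "$SET" src -j ACCEPT
}

# Called by the login handler after successful authentication.
grant() {
    valid_ipv4 "$1" || { echo "rejected: $1" >&2; return 1; }
    run ipset -exist add "$SET" "$1" timeout "$TTL"
}

# Called on logout, or to revoke access before the timeout.
revoke() {
    valid_ipv4 "$1" || { echo "rejected: $1" >&2; return 1; }
    run ipset -exist del "$SET" "$1"
}

# Dry-run demo with constructed addresses (documentation range).
setup
grant 203.0.113.7
grant '203.0.113.7;id' || true
```

With DRY_RUN=1 the script only prints the commands it would run; the address handed to grant should come from the web server's own view of the connection, not from a form field.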



