[TriLUG] IPTables: Automated firewall hardening
Jon Carnes
jonc at nc.rr.com
Mon Sep 2 20:56:50 EDT 2002
Automatic firewall hardening is a technique used by many commercial
firewalls to prevent invalid packets from reaching protected networks.
The objective of this document is to demonstrate how to harden iptables
in real-time.
http://www.linuxgazette.com/issue82/veerapen.html
http://www.linuxsecurity.com/articles/firewalls_article-5619.html
===
The author does some interesting things, but IMHO works too hard to get
some simple results - banning addresses that are scanning his site. He
uses a database to trap authorization messages from Syslogd (using a
named pipe), and then keeps a database of all the IP addresses that
scanned his site. He uses the database to initialize his IPTables, and
he modifies his IPTables with each negative attempt from a new
IP address.
You could easily get the same result by scanning the log file every
minute (or continuously) and adding the IP addresses to a text file.
Still, it is an interesting read.
Jon
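The log-scanning approach the reply suggests, as an added example that is not code from the post or the linked articles: a POSIX shell script that pulls the source addresses of repeated failed sshd logins out of auth-log text, records them in a plain text ban list, and emits the iptables DROP rules to apply. The log format, the file paths, the failure threshold (banning on repeated rather than single failures, to limit false positives) and the sample log lines are all assumptions.

```shell
#!/bin/sh
# Added example, not code from the post or the linked articles. Scans auth-log
# text for repeated failed sshd logins, records the source addresses in a text
# ban list, and prints the iptables rules. Format, paths, threshold: assumptions.

THRESHOLD="${THRESHOLD:-3}"   # failures before an address is banned

# Constructed sample log lines (not real traffic) so the script runs offline.
SAMPLE_LOG='Sep  2 20:51:01 host sshd[1234]: Failed password for root from 192.0.2.10 port 4321 ssh2
Sep  2 20:51:05 host sshd[1235]: Failed password for invalid user admin from 192.0.2.10 port 4322 ssh2
Sep  2 20:51:09 host sshd[1236]: Failed password for root from 192.0.2.10 port 4323 ssh2
Sep  2 20:52:00 host sshd[1240]: Failed password for root from 198.51.100.7 port 5000 ssh2
Sep  2 20:53:00 host sshd[1241]: Accepted password for jon from 203.0.113.5 port 6000 ssh2'

# offenders LOGTEXT THRESHOLD: print each source address with at least
# THRESHOLD failed attempts, one per line, sorted.
offenders() {
    printf '%s\n' "$1" |
        grep 'Failed password' |
        sed -n 's/.* from \([0-9.]*\) port .*/\1/p' |
        sort | uniq -c |
        awk -v t="$2" '$1 >= t { print $2 }' | sort
}

# update_banlist FILE ADDR...: append addresses not already in FILE (the record
# the firewall is initialized from at boot); print only the newly added ones.
update_banlist() {
    file="$1"; shift
    touch "$file"
    for ip in "$@"; do
        if ! grep -qxF "$ip" "$file"; then
            printf '%s\n' "$ip" >> "$file"
            printf '%s\n' "$ip"
        fi
    done
}

# rules FILE: emit one DROP rule per banned address. Pipe into sh as root to
# apply; printing keeps the script runnable without privileges.
rules() {
    while read -r ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done < "$1"
}

# One pass over the sample with a temporary ban list; in production feed the
# real log and a persistent ban file, and run this from cron every minute.
BANFILE=$(mktemp)
update_banlist "$BANFILE" $(offenders "$SAMPLE_LOG" "$THRESHOLD") >/dev/null
rules "$BANFILE"
rm -f "$BANFILE"
```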