Re: denyhosts-like app for MySQLd?

On Mon, 21 Jan 2008, Jordi Espasa Clofent wrote:
 > > There is a functionality in pf, that allows you
to have an application to 
 > > update a list of hosts, that is used in a rule.
You could have a script 
 > > harvest the addresses from your log files, and
then update the table in pf. I 
 > > have not tried it myself, but was looking at
adopting an implementation to 
 > > create a tarpit for spammers based on this idea.
 > 
 > Yes Tim, I know it. The "problem" is the
servers are builded in IPFW as
 > firewall solution.
 > I've tried the "limit" IPFW's option... but
isn't exactly what I'm
 > looking for.

No problem; IPFW has tables too, and sets, with which you
could
enable/disable or swap your script-constructed tables
atomically.

Might be easier to allow good hosts rather than exclude
baddies? 

cheers, Ian

_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"

Ian Smith napsal/wrote, On 01/21/08 12:55:
> No problem; IPFW has tables too, and sets, with which
you could
> enable/disable or 

	It interests me:

> swap your script-constructed tables atomically.

I know how to create new set of rules then move it using
"ipfw set move" 
atomically but I don't know how to fill new table then move
it in it's 
place atomically.

	So, how to swap tables in one step ?

	Thank you

				Dan

_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"