Port scan detection in ipfw2

Paul Mather paul at gromit.dlib.vt.edu
Thu Jun 10 12:40:15 GMT 2004


On Thu, 2004-06-10 at 00:11, Khoi Dinh wrote:

> Also, is ipfw2 able to allow/disallow traffic according to
> time? ie. If I wanted to allow http traffic only from 9am to 1pm, can I do
> this with ipfw?  I've been looking all over the net looking for a solution
> but haven't found one and was hoping that someone on the list could help me
> out, even if the answer is "no, there are no such kernel-based features."

I don't believe there are any "kernel-based features" to do the above,
but a reasonable solution to that problem would be to use two cron
jobs.  One, run at 9am, would insert/remove rules using ipfw to allow
HTTP traffic.  The other, run at 1pm, would insert/remove rules using
ipfw to deny HTTP traffic.  You're probably already using cron to do log
rotation via newsyslog, so leveraging that tool to rotate ipfw traffic
policies shouldn't be beyond the pale...

Cheers,

Paul.
-- 
e-mail: paul at gromit.dlib.vt.edu

"Without music to decorate it, time is just a bunch of boring production
 deadlines or dates by which bills must be paid."
        --- Frank Vincent Zappa



More information about the freebsd-stable mailing list