Port scan detection in ipfw2
Paul Mather
paul at gromit.dlib.vt.edu
Thu Jun 10 12:40:15 GMT 2004
On Thu, 2004-06-10 at 00:11, Khoi Dinh wrote:
> Also, is ipfw2 able to allow/disallow traffic according to
> time? ie. If I wanted to allow http traffic only from 9am to 1pm, can I do
> this with ipfw? I've been looking all over the net looking for a solution
> but haven't found one and was hoping that someone on the list could help me
> out, even if the answer is "no, there are no such kernel-based features."
I don't believe there are any "kernel-based features" to do the above,
but a reasonable solution to that problem would be to use two cron
jobs. One, run at 9am, would insert/remove rules using ipfw to allow
HTTP traffic. The other, run at 1pm, would insert/remove rules using
ipfw to deny HTTP traffic. You're probably already using cron to do log
rotation via newsyslog, so leveraging that tool to rotate ipfw traffic
policies shouldn't be beyond the pale...
Cheers,
Paul.
--
e-mail: paul at gromit.dlib.vt.edu
"Without music to decorate it, time is just a bunch of boring production
deadlines or dates by which bills must be paid."
--- Frank Vincent Zappa
More information about the freebsd-stable
mailing list