Port scan detection in ipfw2

Don Bowman don at sandvine.com
Thu Jun 10 12:46:53 GMT 2004


From: Paul Mather [mailto:paul at gromit.dlib.vt.edu]
> On Thu, 2004-06-10 at 00:11, Khoi Dinh wrote:
> 
> > Also, is ipfw2 able to allow/disallow traffic according to
> > time? i.e. If I wanted to allow http traffic only from 9am to 1pm,
> > can I do this with ipfw?  I've been looking all over the net looking
> > for a solution but haven't found one and was hoping that someone on
> > the list could help me out, even if the answer is "no, there are no
> > such kernel-based features."
> 
> I don't believe there are any "kernel-based features" to do the above,
> but a reasonable solution to that problem would be to use two cron
> jobs.  One, run at 9am, would insert/remove rules using ipfw to allow
> HTTP traffic.  The other, run at 1pm, would insert/remove rules using
> ipfw to deny HTTP traffic.  You're probably already using cron to do
> log rotation via newsyslog, so leveraging that tool to rotate ipfw
> traffic policies shouldn't be beyond the pale...
> 
> Cheers,
> 
> Paul.

There was a patch to ipfw posted last year that gave time
to rules.
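
The cron approach from the quoted reply, as an added example that is not part of the original thread: instead of two jobs that fire only at 9am and 1pm, one script is run every few minutes and reconciles the rule with the clock, so a reboot or a manual flush inside the window does not leave the policy wrong until the next day. Assumptions: rule number 1000 is free, the rest of the ruleset denies port 80 when this rule is absent, and the script path in the crontab comment is hypothetical.

```shell
#!/bin/sh
# Added example: keep one ipfw allow rule for HTTP present only 09:00-13:00.
RULE_NUM=1000               # assumed unused rule number
OPEN_MIN=$((9 * 60))        # 09:00 as minutes since midnight
CLOSE_MIN=$((13 * 60))      # 13:00, exclusive

# desired_state HH MM -> prints "allow" inside [09:00, 13:00), else "deny".
desired_state() {
    h=${1#0}; m=${2#0}      # strip a leading zero so "08" is not read as octal
    now=$(( ${h:-0} * 60 + ${m:-0} ))
    if [ "$now" -ge "$OPEN_MIN" ] && [ "$now" -lt "$CLOSE_MIN" ]; then
        echo allow
    else
        echo deny
    fi
}

# plan DESIRED CURRENT -> prints the ipfw command needed, or nothing if the
# firewall already matches (so repeated cron runs are harmless).
plan() {
    case "$1:$2" in
        allow:absent) echo "ipfw -q add $RULE_NUM allow tcp from any to me 80" ;;
        deny:present) echo "ipfw -q delete $RULE_NUM" ;;
    esac
}

# rule_state -> "present" if the rule is currently loaded, else "absent".
rule_state() {
    if ipfw list "$RULE_NUM" >/dev/null 2>&1; then
        echo present
    else
        echo absent
    fi
}

# Reconcile the live ruleset with the time of day.
apply() {
    cmd=$(plan "$(desired_state "$(date +%H)" "$(date +%M)")" "$(rule_state)")
    if [ -n "$cmd" ]; then
        $cmd
    fi
}

# Example /etc/crontab line (hypothetical path):
#   */5 * * * * root /usr/local/sbin/http-window.sh apply
if [ "${1:-}" = "apply" ]; then
    apply
fi
```

Connections already established when the rule is removed are cut off only if the ruleset does not pass them through a separate stateful or established-traffic rule.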



More information about the freebsd-stable mailing list