Port scan detection in ipfw2
Don Bowman
don at sandvine.com
Thu Jun 10 12:46:53 GMT 2004
From: Paul Mather [mailto:paul at gromit.dlib.vt.edu]
> On Thu, 2004-06-10 at 00:11, Khoi Dinh wrote:
>
> > Also, is ipfw2 able to allow/disallow traffic according to
> > time? ie. If I wanted to allow http traffic only from 9am
> to 1pm, can I do
> > this with ipfw? I've been looking all over the net looking
> for a solution
> > but haven't found one and was hoping that someone on the
> list could help me
> > out, even if the answer is "no, there are no such
> kernel-based features."
>
> I don't believe there are any "kernel-based features" to do the above,
> but a reasonable solution to that problem would be to use two cron
> jobs. One, run at 9am, would insert/remove rules using ipfw to allow
> HTTP traffic. The other, run at 1pm, would insert/remove rules using
> ipfw to deny HTTP traffic. You're probably already using
> cron to do log
> rotation via newsyslog, so leveraging that tool to rotate ipfw traffic
> policies shouldn't be beyond the pale...
>
> Cheers,
>
> Paul.
There was a patch to ipfw posted last year that gave time
to rules.
More information about the freebsd-stable
mailing list