Useful utilities for PF

Travis H. solinym at gmail.com
Tue Jan 10 01:37:37 PST 2006


I'm going to do a little blatant self-promotion and suggest that you
also take a look at dfd_keeper because it implements time-based rule
expiration, among other things.  Its main purpose is to provide a sort
of command shell for pf, but you get a bunch of other things along the
way.  It is trivial to do things like trigger rule changes in response
to snort alerts, or using a logwatching program to detect people
attempting to brute-force ssh authentication.

I was also planning to add some kind of IP
consolidation/generalization routines so that some attacker hopping
around in a /16 won't be able to harass you 65534 times.  Also in the
works is a sniffer that will do things like rdr bittorrent ports from
your NAT box to an internal host when that host starts up bittorrent. 
When nobody's using bittorrent, you can go back to stealth mode (as a
forwarded port typically gives an open or closed response, you cannot
easily do non-leeching bittorrent and remain invisible).

You can download the program or view the source at my homepage below
(first link, dynamic firewall daemon).

For some reason, DFD has failed to generate any interest at all, but
I'm not quite sure why.
--
"If I could remember the names of these particles, I would have been a botanist"
  -- Enrico Fermi -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
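
The IP consolidation and time-based expiration ideas from the message above, as an added example that is not dfd_keeper's code and not from the original post. The function and class names, the threshold of 3 hosts per /16, the one-hour TTL and the pf table name "bruteforce" are assumptions; it handles IPv4 only and builds the pfctl command line without running it.

```python
import ipaddress
from collections import defaultdict


def consolidate(hosts, prefix=16, threshold=3):
    """Generalize IPv4 offenders: a /prefix network holding at least
    `threshold` distinct hosts is blocked whole, other hosts stay /32."""
    groups = defaultdict(set)
    for host in hosts:
        addr = ipaddress.ip_address(host)
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        groups[net].add(addr)
    blocks = []
    for net, members in groups.items():
        if len(members) >= threshold:
            blocks.append(net)
        else:
            blocks.extend(ipaddress.ip_network(m) for m in members)
    # collapse_addresses also merges adjacent entries into an exact cover
    return sorted(ipaddress.collapse_addresses(blocks))


class ExpiringBlocklist:
    """Offenders with time-based expiry; `now` is passed in (seconds)."""

    def __init__(self, ttl=3600, prefix=16, threshold=3):
        self.ttl, self.prefix, self.threshold = ttl, prefix, threshold
        self.last_seen = {}  # address -> time of last offence

    def report(self, host, now):
        self.last_seen[ipaddress.ip_address(host)] = now

    def blocks(self, now):
        # Forget offenders whose last offence is older than the TTL.
        self.last_seen = {a: t for a, t in self.last_seen.items()
                          if now - t < self.ttl}
        return consolidate(self.last_seen, self.prefix, self.threshold)

    def pf_command(self, now, table="bruteforce"):  # table name is hypothetical
        nets = " ".join(str(n) for n in self.blocks(now))
        return f"pfctl -t {table} -T replace {nets}".rstrip()


def demo():
    bl = ExpiringBlocklist()
    for host in ("10.9.1.2", "10.9.77.9", "10.9.200.14"):  # constructed sample
        bl.report(host, now=0)
    bl.report("192.0.2.7", now=3000)
    return bl.pf_command(now=3500), bl.pf_command(now=4000)
```

Once the three constructed 10.9.x.x reports age past the TTL, the /16 drops out of the table on its own and only the more recent single host remains.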

