External scripts with PF.
Kevin
k at kevinkevin.com
Mon Dec 21 15:52:37 UTC 2009
> For tracking source IPs and adding them to a table, you can already do
> this, c.f. max-src-conn and overload in the pf.conf man page.
>
>
> If you use the overload keyword to dump the bad IPs into a table then
> as a quick and dirty solution for scripting you can then run a script
> from cron every few minutes to do something like:
>
> pfctl -t table_name_with_bad_ips -T show
>
To continue on Peter's idea, here's a script I wrote to parse pf tables and
send email alerts based on the output. You can run it as a regular cronjob:
http://blog.stardothosting.com/2009/08/12/freebsd-pf-packet-filter-shell-script-to-report-on-hacking-attempts/
It's not up-to-the-minute, but it works pretty good as a daily mail alert.
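
Added example, not part of the original thread and not the script linked above: one way to do the cron-driven polling of an overload table described in this message, mailing only the addresses that are new since the previous run. The table name, state file path, recipient, script name and the pf.conf rules shown in the comments are assumptions.

```sh
#!/bin/sh
# Added example: report addresses that newly appeared in a pf overload table.
# Assumed pf.conf rules feeding the table (names and limits are examples):
#   table <bruteforce> persist
#   block in quick from <bruteforce>
#   pass in proto tcp from any to any port ssh flags S/SA keep state \
#       (max-src-conn 10, overload <bruteforce> flush global)
LC_ALL=C; export LC_ALL              # comm(1) needs the same collation as sort(1)
TABLE="${TABLE:-bruteforce}"         # hypothetical table name
STATE="${STATE:-/var/db/pf_${TABLE}.seen}"   # hypothetical state file
MAILTO="${MAILTO:-root}"             # hypothetical recipient

# Strip the indentation pfctl prints before each address, drop blank lines, sort.
normalize() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' | sort -u
}

# new_entries STATEFILE: read a table listing on stdin, print the addresses
# that were not in STATEFILE, then replace STATEFILE with the current listing
# (so an address that expired and was overloaded again is reported again).
new_entries() {
    state=$1
    cur=$(mktemp "${state}.XXXXXX") || return 1
    normalize > "$cur"
    [ -f "$state" ] || : > "$state"
    comm -13 "$state" "$cur"
    mv "$cur" "$state"
}

report() {
    # Capture first: if pfctl fails, keep the old state instead of emptying it.
    listing=$(pfctl -t "$TABLE" -T show) || return 1
    fresh=$(printf '%s\n' "$listing" | new_entries "$STATE") || return 1
    if [ -n "$fresh" ]; then
        printf '%s\n' "$fresh" |
            mail -s "pf: new entries in <$TABLE> on $(hostname)" "$MAILTO"
    fi
}

# cron calls: pf_report.sh report
case "${1:-}" in
    report) report ;;
esac
```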