[TriLUG] IPTables: Automated firewall hardening
02 Sep 2002 20:56:50 -0400
Automatic firewall hardening is a technique used by many commercial
firewalls to prevent invalid packets from reaching protected networks.
The objective of this document is to demonstrate how to harden iptables
The author does some interesting things, but IMHO works too hard to get
some simple results - banning addresses that are scanning his site. He
uses a database to trap authorization messages from Syslogd (using a
named pipe), and then keeps a database of all the IP addresses that
scanned his site. He uses the database to initialize his IPTables, and
he modifies his IPTables with each negative attempt from a new
You could easily get the same result by scanning the log file every
minute (or continuously) and adding the IP addresses to a text file.
Still, it is an interesting read.
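
The log-scanning approach suggested above, sketched as an added example that is not part of the original post or of the article it discusses. It assumes OpenSSH-style "Failed password" syslog lines; the function names, the threshold of 3, the allow-listed network and the sample lines are all hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines in OpenSSH style (not taken from the post).
SAMPLE_LOG = """\
Sep  2 20:41:07 gw sshd[812]: Failed password for root from 203.0.113.9 port 4021 ssh2
Sep  2 20:41:09 gw sshd[812]: Failed password for root from 203.0.113.9 port 4021 ssh2
Sep  2 20:41:12 gw sshd[815]: Failed password for invalid user admin from 203.0.113.9 port 4030 ssh2
Sep  2 20:42:01 gw sshd[820]: Failed password for jon from 198.51.100.7 port 3310 ssh2
Sep  2 20:42:05 gw sshd[820]: Accepted password for jon from 198.51.100.7 port 3310 ssh2
Sep  2 20:43:10 gw sshd[831]: Failed password for ops from 192.0.2.10 port 2201 ssh2
Sep  2 20:43:12 gw sshd[831]: Failed password for ops from 192.0.2.10 port 2201 ssh2
Sep  2 20:43:15 gw sshd[831]: Failed password for ops from 192.0.2.10 port 2201 ssh2
"""

# Anchored to the end of the line: the user name is remote-controlled text,
# so only the trailing "from <addr> port <n>" is trusted as the source.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?\s*$")

def offenders(lines, threshold=3, allow=("192.0.2.0/24",)):
    """Return sorted source IPs with >= threshold failures, minus allow-listed nets."""
    allow_nets = [ipaddress.ip_network(n) for n in allow]
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # reject hostnames and junk
        except ValueError:
            continue
        if any(ip in net for net in allow_nets):   # never ban the admin network
            continue
        counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def update_banlist(path, ips):
    """Append addresses not already in the text file; return the new ones."""
    try:
        with open(path) as f:
            known = {l.strip() for l in f if l.strip()}
    except FileNotFoundError:
        known = set()
    new = [ip for ip in ips if ip not in known]
    with open(path, "a") as f:
        f.writelines(ip + "\n" for ip in new)
    return new
```

Run once a minute over the log, `update_banlist` returns only addresses not seen before, so whatever loads the text file into the firewall needs to handle just those.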