[TriLUG] IPTables: Automated firewall hardening
02 Sep 2002 21:29:11 -0400
Keep in mind, dynamic filter rules are frowned upon by many security
specialists because they could theoretically be used against you to
initiate a denial of service attack, hitting your firewall from spoofed
IP addresses and gradually closing you off from the Internet using your
own systems against you.
On Mon, 2002-09-02 at 20:56, Jon Carnes wrote:
> Automatic firewall hardening is a technique used by many commercial
> firewalls to prevent invalid packets from reaching protected networks.
> The objective of this document is to demonstrate how to harden iptables
> in real-time.
> The author does some interesting things, but IMHO works too hard to get
> some simple results - banning addresses that are scanning his site. He
> uses a database to trap authorization messages from Syslogd (using a
> named pipe). And then keeps a database of all the IPaddresses that
> scanned his site. He uses the database to initialize his IPTables, and
> he modifies his IPTables with each negative attempt from a new
> You could easily get the same result by scanning the log file every
> minute (or continuously) and adding the ipaddresses to a text file.
> Still it is an interesting read.
> TriLUG mailing list
> TriLUG Organizational FAQ:
Wedding videos $500 if you book by August 31 -