[TriLUG] IPTables: Automated firewall hardening

Jon Carnes jonc at nc.rr.com
Mon Sep 2 20:56:50 EDT 2002


Automatic firewall hardening is a technique used by many commercial
firewalls to prevent invalid packets from reaching protected networks.
The objective of this document is to demonstrate how to harden iptables
in real-time.

http://www.linuxgazette.com/issue82/veerapen.html

http://www.linuxsecurity.com/articles/firewalls_article-5619.html

===
The author does some interesting things, but IMHO works too hard to get
some simple results - banning addresses that are scanning his site.  He
uses a database to trap authorization messages from Syslogd (using a
named pipe), and then keeps a database of all the IP addresses that
scanned his site. He uses the database to initialize his IPTables, and
he modifies his IPTables with each negative attempt from a new
IP address.

You could easily get the same result by scanning the log file every
minute (or continuously) and adding the IP addresses to a text file.

Still, it is an interesting read.

Jon
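
The log-scan-to-text-file approach suggested in the post, as an added example (not code from the post or from the linked article). Assumptions: sshd-style "Failed password" lines, a ban file named banned.txt, and hypothetical function names and a never_ban allowlist; the rules are rendered as text rather than executed.

```python
import ipaddress
import re
from pathlib import Path

# Assumption: sshd-style failure lines; the post names no log format.
FAILED = re.compile(r"Failed password for .* from (\S+) port \d+")
# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
Sep  2 20:41:10 gw sshd[811]: Failed password for root from 203.0.113.7 port 4021 ssh2
Sep  2 20:41:12 gw sshd[811]: Failed password for root from 203.0.113.7 port 4021 ssh2
Sep  2 20:42:03 gw sshd[815]: Accepted password for alice from 192.0.2.10 port 1022 ssh2
Sep  2 20:43:30 gw sshd[820]: Failed password for alice from 192.0.2.10 port 1030 ssh2
Sep  2 20:44:01 gw sshd[822]: Failed password for invalid user admin from 198.51.100.23 port 3310 ssh2
Sep  2 20:44:09 gw sshd[823]: Failed password for test from scanner.example port 3311 ssh2
"""

def failed_sources(lines, never_ban=()):
    """Return validated source IPs of failed logins, in first-seen order."""
    skip = [ipaddress.ip_network(n) for n in never_ban]
    found = []
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an address literal, so it never reaches a rule
        if any(ip in net for net in skip) or str(ip) in found:
            continue  # allowlisted (e.g. your own LAN) or already seen
        found.append(str(ip))
    return found

def update_banlist(log_lines, banfile, never_ban=()):
    """Append addresses not already in banfile; return only the new ones."""
    path = Path(banfile)
    known = set(path.read_text().split()) if path.exists() else set()
    new = [ip for ip in failed_sources(log_lines, never_ban) if ip not in known]
    if new:
        with path.open("a") as fh:
            fh.writelines(ip + "\n" for ip in new)
    return new

def iptables_rules(addresses):
    """Render (do not execute) one DROP rule per address."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in addresses]

if __name__ == "__main__":
    new = update_banlist(SAMPLE_LOG.splitlines(), "banned.txt", ["192.0.2.0/24"])
    print("\n".join(iptables_rules(new)))
```

Run from cron each minute, only addresses that are new since the last pass come back from update_banlist, so each rule is generated once; the text file also serves to rebuild the rules after a reboot.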
