diff syslog2iptables.conf @ 51:206448c00b55 stable-1-0-12
Allow multiple contexts with independent add/remove commands.
author | Carl Byington <carl@five-ten-sg.com> |
date | Sat, 24 Jan 2009 15:52:20 -0800 |
parents | 75361069c6ef |
children | d6fb7fca0394 |
--- a/syslog2iptables.conf Wed Dec 24 18:40:54 2008 -0800
+++ b/syslog2iptables.conf Sat Jan 24 15:52:20 2009 -0800
@@ -1,3 +1,24 @@
+context dns {
+ threshold 1100;
+
+ add_command "/sbin/iptables -I INPUT --protocol udp --destination-port 53 --src %s --jump DROP";
+ remove_command "/sbin/iptables -D INPUT --protocol udp --destination-port 53 --src %s --jump DROP";
+
+ ignore {
+ 127.0.0.0/8; // localhost
+ };
+
+ file "/var/log/messages" {
+ pattern "named.*client (.*)#.*query.*cache.*denied" {
+ index 1; // zero based
+ bucket 400;
+ message "DNS attack";
+ };
+ };
+};
+
+
+context general {
 threshold 550;
 add_command "/sbin/iptables -I INPUT --src %s --jump DROP";
@@ -121,3 +142,5 @@
 // message "ssh failed password";
 // };
 // };
+};
+
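Review bot: The capture group `(.*)` in the new dns pattern is unbounded, and its match is what gets substituted for `%s` in add_command/remove_command, so whatever named prints between `client ` and the last `#` on that log line ends up inside an iptables command line. Constraining the group to an address literal, `pattern "named.*client ([0-9.]+)#.*query.*cache.*denied"`, limits the substituted value to a dotted quad regardless of what else appears on the line, and also avoids handing an IPv6 client address to a rule that `iptables` will reject. Whether the daemon validates the captured text before running the command (presumably through a shell) is not visible from this config, so the tighter pattern is a cheap guard either way. The surrounding `general` context, including the lines the second hunk closes, is largely outside this diff.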