diff syslog2iptables.conf @ 51:206448c00b55 stable-1-0-12

Allow multiple contexts with independent add/remove commands.
author Carl Byington <carl@five-ten-sg.com>
date Sat, 24 Jan 2009 15:52:20 -0800
parents 75361069c6ef
children d6fb7fca0394
--- a/syslog2iptables.conf	Wed Dec 24 18:40:54 2008 -0800
+++ b/syslog2iptables.conf	Sat Jan 24 15:52:20 2009 -0800
@@ -1,3 +1,24 @@
+context dns {
+    threshold 1100;
+
+    add_command    "/sbin/iptables -I INPUT --protocol udp --destination-port 53 --src %s --jump DROP";
+    remove_command "/sbin/iptables -D INPUT --protocol udp --destination-port 53 --src %s --jump DROP";
+
+    ignore {
+        127.0.0.0/8;        // localhost
+    };
+
+    file "/var/log/messages" {
+        pattern "named.*client (.*)#.*query.*cache.*denied" {
+            index 1;    // zero based
+            bucket 400;
+            message "DNS attack";
+        };
+    };
+};
+
+
+context general {
 threshold 550;
 
 add_command    "/sbin/iptables -I INPUT --src %s --jump DROP";
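Review bot: The new dns context hands whatever the greedy group `(.*)` in `pattern "named.*client (.*)#.*query.*cache.*denied"` captures straight to `add_command` via `%s`, and nothing in this hunk constrains that token to an address before it reaches `/sbin/iptables --src %s`. Unless the daemon validates the captured text elsewhere (not visible here), a log line with extra `#` characters or unexpected content between `client` and `#` produces a token that is not an address; narrowing the group to `pattern "named.*client ([0-9.]+)#.*query.*cache.*denied"` keeps the capture to dotted-decimal form and makes the intent explicit. Separately, the trigger is a denied UDP/53 query whose source can be forged, so the context's `ignore` block (only `127.0.0.0/8` here) is the only thing stopping a spoofed query from blocking a legitimate resolver or upstream; listing trusted resolvers there is worth considering. The `// zero based` comment beside `index 1` reads as contradictory for a pattern with a single capture group; if the convention is that 0 denotes the whole match, a comment such as `index 1;    // match index, 0 = whole match` would remove the ambiguity.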
@@ -121,3 +142,5 @@
 //          message "ssh failed password";
 //      };
 //  };
+};
+