@PACKAGE@

Packages

The various source and binary packages are available at http://www.five-ten-sg.com/@PACKAGE@/packages/
The most recent documentation is available at http://www.five-ten-sg.com/@PACKAGE@/

@PACKAGE@(1)    2005-12-15    @PACKAGE@ @VERSION@

Name

@PACKAGE@ - a simple adaptive firewall

Synopsis

@PACKAGE@

Description

@PACKAGE@ is a simple adaptive firewall. It maintains the INPUT chain of the iptables(1) firewall set based on syslog entries. These syslog entries are typically generated by your hardware firewall, but they could come from any source. Any syslog entry that contains a host name or IP address can be used as input to this package.

The @PACKAGE@.conf(5) file specifies the syslog files to be monitored, and the regular expressions (regex(7)) to be applied to new lines in those files. Each regular expression needs an index to specify the matching substring that contains either an IP address or host name, and a bucket count which is added to the leaky bucket for that IP address when a matching line is read from that syslog file.

Each IP address has an associated leaky bucket, which leaks one token per second. Once the bucket contains more than a configurable threshold number of tokens, that IP address is added to the INPUT chain with a DROP target. When the bucket is drained to zero, that IP address is removed from the INPUT chain.

The discussion has focused on syslog files, but any ASCII text file can be used, so long as some other process appends lines to that file, and the lines containing host names or IP addresses can be matched with some regular expression.

Considering syslog files in particular, these are normally rotated via logrotate. @PACKAGE@ properly detects and handles this case by closing the old file, and reopening the newly created file.

Options

-c
Load the configuration file, print a canonical form of the configuration on stdout, and exit.

-d n
Set the debug level to n.
Usage

@PACKAGE@ -d 2

Configuration

The configuration file is documented in @PACKAGE@.conf(5). Any change to the config file will cause it to be reloaded within three minutes.
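The leaky-bucket policy from the Description, driven by pattern entries of the kind @PACKAGE@.conf(5) defines, as an added Python model that is not part of @PACKAGE@ itself. The regexes, bucket counts, threshold, the `-I`/`-D` iptables command forms and the sample log lines are assumptions made for the example; commands are collected as strings rather than executed.

```python
import re
# Constructed entries in the spirit of @PACKAGE@.conf pattern statements:
# (regex, capture-group index holding the IP, bucket count); all assumed.
PATTERNS = [
    (re.compile(r"DROP .*SRC=(\d+\.\d+\.\d+\.\d+)"), 1, 40),
    (re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+)"), 1, 20),
]
THRESHOLD = 50  # assumed; the real value comes from @PACKAGE@.conf


class LeakyBuckets:
    """One leaky bucket per IP; iptables commands are collected, not run."""
    def __init__(self, patterns, threshold):
        self.patterns, self.threshold = patterns, threshold
        self.tokens, self.seen = {}, {}  # ip -> level, ip -> last leak time
        self.blocked, self.commands = set(), []

    def leak(self, now):
        # One token leaks per elapsed second; a bucket drained to zero is
        # forgotten, and its DROP rule (if it had one) is removed.
        for ip in list(self.tokens):
            self.tokens[ip] = max(0, self.tokens[ip] - (now - self.seen[ip]))
            self.seen[ip] = now
            if self.tokens[ip] == 0:
                if ip in self.blocked:
                    self.commands.append(f"iptables -D INPUT -s {ip} -j DROP")
                    self.blocked.discard(ip)
                del self.tokens[ip], self.seen[ip]

    def feed(self, line, now):
        self.leak(now)
        for regex, index, count in self.patterns:
            match = regex.search(line)
            if not match:
                continue
            ip = match.group(index)
            self.seen.setdefault(ip, now)
            self.tokens[ip] = self.tokens.get(ip, 0) + count
            # More than THRESHOLD tokens: add the address with a DROP target.
            if self.tokens[ip] > self.threshold and ip not in self.blocked:
                self.commands.append(f"iptables -I INPUT -s {ip} -j DROP")
                self.blocked.add(ip)


def run_sample():
    fw = LeakyBuckets(PATTERNS, THRESHOLD)
    for now, line in [  # constructed (second_read, syslog_line) pairs
        (0, "kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP DPT=22"),
        (1, "kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP DPT=23"),
        (100, "sshd[123]: Failed password for root from 198.51.100.9 port 4242 ssh2"),
    ]:
        fw.feed(line, now)
    return fw.commands
```

The two DROP lines one second apart push 203.0.113.7 past the threshold, and the 99 quiet seconds that follow drain its bucket, so the sample yields one insert and then one delete for that address while 198.51.100.9 stays unblocked.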
TODO
The following ideas are under consideration.
Add a global configuration option for the single iptables table
name, rather than the current fixed INPUT name.
Add a configuration option for the iptables table name in the
pattern statement. This implies handling multiple tables, so each
table needs its own map of ip addresses and bucket values.
Copyright
Copyright (C) 2005 by 510 Software Group <carl@five-ten-sg.com>
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any
later version.
You should have received a copy of the GNU General Public License along
with this program; see the file COPYING. If not, please write to the
Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
@PACKAGE@.conf(5)    2005-12-15    @PACKAGE@ @VERSION@

Name

@PACKAGE@.conf - configuration file for @PACKAGE@

Synopsis

@PACKAGE@.conf

Description

The @PACKAGE@.conf configuration file is specified by this partial BNF description. The entire config file is case sensitive. All the keywords are lower case.

Sample