> For tracking source IPs and adding them to a table, you can already do
> this, c.f. max-src-conn and overload in the pf.conf man page.
>
>
> If you use the overload keyword to dump the bad IPs into a table then
> as a quick and dirty solution for scripting you can then run a script
> from cron every few minutes to do something like:
>
> pfctl -t table_name_with_bad_ips -T show
>
To continue on Peter's idea, here's a script I wrote to parse pf tables and send email alerts based on the output. You can run it as a regular cronjob:

http://blog.stardothosting.com/2009/08/12/freebsd-pf-packet-filter-shell-script-to-report-on-hacking-attempts/

It's not up-to-the-minute, but it works pretty good as a daily mail alert.

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
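
The cron-driven approach discussed in this thread, as an added example that is not part of either message and is not the linked script: it reads `pfctl -t <table> -T show` output, keeps only address-shaped entries, and mails the addresses that appeared since the previous run. The table name `bruteforce`, the state file path and the recipient are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. TABLE, STATE and MAILTO are
# hypothetical names; adjust them to the table your overload rule fills.
TABLE="${TABLE:-bruteforce}"
STATE="${STATE:-/var/db/pf_${TABLE}.seen}"
MAILTO="${MAILTO:-root}"

# Read `pfctl -t <table> -T show` output on stdin and emit one address per
# line, sorted and de-duplicated. Anything that does not look like an
# IPv4/IPv6 address (optionally with /prefix) is dropped, so unexpected
# output never reaches the state file or the mail body.
normalize_table() {
    awk '{ print $1 }' |
        grep -E '^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$' |
        LC_ALL=C sort -u
}

# Print the addresses on stdin that are not yet listed in state file $1.
new_entries() {
    state="$1"
    [ -f "$state" ] || : > "$state"
    tmpf=$(mktemp "${TMPDIR:-/tmp}/pfnew.XXXXXX") || return 1
    normalize_table > "$tmpf"
    LC_ALL=C sort -u "$state" | LC_ALL=C comm -13 - "$tmpf"
    rm -f "$tmpf"
}

# Dump the table, mail only the addresses added since the last run, then
# record the current contents as the new baseline.
report() {
    dump=$(pfctl -t "$TABLE" -T show) || return 1
    fresh=$(printf '%s\n' "$dump" | new_entries "$STATE")
    printf '%s\n' "$dump" | normalize_table > "$STATE"
    if [ -n "$fresh" ]; then
        printf '%s\n' "$fresh" | mail -s "pf: new entries in <$TABLE>" "$MAILTO"
    fi
}

# Run from cron as: /path/to/script run
if [ "${1:-}" = "run" ]; then
    report
fi
```

Because the baseline is rewritten on every run, an address that is flushed from the table and later re-added is reported again.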