Peter Maxwell wrote:
> 2009/12/22 Gaurav Ghimire <gau...@subisu.net.np>:
>
>> thinking if I could be informed via an email alert that a new IP has
>> been added to the table abusive_ips. It seems this would have been
>> possible if there was a possibility that I could trigger an external
>> script on the 3rd rule I have. And the external script would just
>> do pfctl -t abusive_ips -T show and mail it to me, or I could just have
>> some more intelligence there and save a record of the previous show
>> output and mail the diffs; that way I could get the new IPs that have
>> been added to the table. And inform the clients that they have
>> something fishy going on at their end that is bombing my mail servers. That
>> way I would not need to make it a regular cron job and would have the
>> advantage of running it only when a new IP is added to the table.
>>
>> Was just thinking if this could have been possible.
>>
>
> Writing or modifying a script to suit your needs then putting it in a
> crontab to run even every few minutes will do what you want. It will
> also take significantly less effort than breaking out your C compiler
> and learning enough about pf's API and internals to do it more
> elegantly.
>
> Apart from anything else, it is poor firewall design to have your
> firewall box execute code based on rules getting hit; if you don't
> understand why, seriously - get someone else to set up the firewall for
> you. If you look at commercial firewalls, any event notification is
> not done by the firewall appliance itself, it's always done on either
> a separate management console, IDS, SEM, whatever.
>

Hi Peter,

Yes, I understand your concern here regarding the alert and notification job being something that a firewall isn't supposed to do. Lack of resources makes you try to get much more out of something, though it might seem impractical :) . I will take your suggestions into consideration. Thank you.

Regards,
--
Gaurav Ghimire
System Administrator - Systems (R&D)
Subisu Cablenet (P.) Ltd.
148 Thirbum Sadak
Baluwatar, Kathmandu
Nepal
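
The cron-driven diff discussed in this thread, as an added example that is not code from either poster: it snapshots the table with `pfctl -t abusive_ips -T show`, compares against the previous snapshot, and mails only the additions. The state-file path, the recipient, and the function names are assumptions; the sample addresses in `demo` are constructed.

```sh
#!/bin/sh
# Run from cron; mails only addresses added to the pf table since the last run.
LC_ALL=C; export LC_ALL                       # stable ordering for sort/comm
TABLE="abusive_ips"                           # table name from the thread
STATE="${STATE:-/var/db/abusive_ips.last}"    # assumed state-file path
MAILTO="${MAILTO:-root}"                      # assumed recipient

# Strip the indentation pfctl prints, drop blank lines, sort for comm(1).
normalize() { awk 'NF { print $1 }' | sort -u; }

# Entries in the current snapshot ($2) that are absent from the previous ($1).
new_entries() { comm -13 "$1" "$2"; }

check_table() {
    # Stop before touching the state file if pfctl fails, so an error is
    # never recorded as an empty table (everything would be re-reported later).
    out=$(pfctl -t "$TABLE" -T show) || return 1
    cur=$(mktemp) || return 1
    printf '%s\n' "$out" | normalize > "$cur"
    [ -f "$STATE" ] || : > "$STATE"           # first run: every entry is new
    added=$(new_entries "$STATE" "$cur")
    if [ -n "$added" ]; then
        # Keep the old state if the mail cannot be sent; next run retries.
        printf '%s\n' "$added" | mail -s "pf: new entries in $TABLE" "$MAILTO" \
            || { rm -f "$cur"; return 1; }
    fi
    mv "$cur" "$STATE"                        # rotate only after a good run
}

# Constructed sample data (documentation address ranges); needs no pfctl.
demo() {
    d=$(mktemp -d) || return 1
    printf '   192.0.2.10\n   198.51.100.7\n' | normalize > "$d/prev"
    printf '   198.51.100.7\n   203.0.113.5\n   192.0.2.10\n   192.0.2.99\n' \
        | normalize > "$d/cur"
    new_entries "$d/prev" "$d/cur"
    rm -rf "$d"
}

case "${1:-}" in
    run)  check_table ;;
    demo) demo ;;
esac
```

Invoke it with the `run` argument from a crontab entry on the firewall, or feed it table snapshots collected on a separate management host if notification should stay off the firewall itself.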