hi thomas

On Tue, Jul 21, 2015 at 06:44:43PM -0400, Thomas Delrue wrote:
> Thank you for replying!
...
> On 07/21/2015 06:30 PM, alvin wrote:
...
> > # eg. add incoming ddos attackers to iptables blacklist
> > # iptables-gui -autoadd ... 'a.b.c.d|w.x.y.z'
> >
> > # the corresponding actual iptable rule:
> > iptables -I BlackList -p tcp -s a.b.c.d -d myLAN/24 -j TARPIT
>
> This is exactly the kind of thing that I would like to do
> Is the source for iptables-gui open source?

it is not open source :-)

the idea is simple:

- ( tcpdump or any sniffer | cleanup and extract > traffic.data.txt ) &

	--- iptables-gui need to sort the traffic data and insert or delete
	--- incoming IP# of the DDoS at the right rule# in iptables chains

- crontab# iptables-gui -add or -delete

> Can you point me to it or to
> the documentation/resources you used to write this application.

#
# i assume ( require ) certain set or sequence of iptables rules
# and list of the other people's IPtables howto
# http://iptables-blacklist.net/Howto/

------

Neil murphy's idea of using iptables-restore is a good idea too
for add/deleting CIDRs that changes infrequently

	iptables-save -c > /tmp/iptables.txt

	sed -e s/a.b.c.d/w.x.y.z/g < /tmp/iptables.txt > /tmp/iptables.new.txt

	iptables-restore -c < /tmp/iptables.new.txt

	#
	# you'd need to verify save and restore works ... it didn't work
	# for me when i tested on debian-testing, slackware-14.x, redhat variants
	#
	# save/restore seems to work on most all versions of OpenSuSE
	# and rolling updates worked across 4 major patch levels from
	# 11.x - 12.x - 13.x - factory
	#
	# i needed iptables rules to be independent of the distro's syntax
	#

> > # eg. remove inactive ddos attacks from the blacklist
> > # iptables-gui -autodelete ... w.x.y.z
> >
> > # the corresponding actual iptable rule:
> > iptables -D BlackList -p tcp -s a.b.c.d -d myLAN/24 -j TARPIT
>
> Yep, this also is exactly what I'm trying to do

have fun
alvin
http://DDoS-Mitigator.net
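The sed step of the save/edit/restore sequence in the message above, as an added example that is not code from the thread or from iptables-gui: it swaps one blacklisted source address in saved rules with the dots escaped and the match anchored, so a look-alike address is left alone. The function names, the sample ruleset and the addresses are constructed for illustration; the chain name BlackList is the one used in the message.

```shell
#!/bin/sh
# Added example, not from the thread. Rewrites one blacklisted source address
# in `iptables-save -c` output without touching look-alike addresses.

# swap_blacklist_ip OLD NEW FILE  ->  rewritten ruleset on stdout
swap_blacklist_ip() {
    old=$1 new=$2 file=$3
    # Accept dotted quads only, so neither value can carry sed
    # metacharacters or extra iptables options into the ruleset.
    for ip in "$old" "$new"; do
        printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
            echo "not an IPv4 address: $ip" >&2
            return 2
        }
    done
    # Escape the dots: a bare "." in a regex matches any character.
    old_re=$(printf '%s' "$old" | sed 's/\./\\./g')
    # Edit only "-s OLD" (optionally "/32") on BlackList rules; the trailing
    # space keeps 192.0.2.1 from matching inside 192.0.2.10.
    sed -E "/^(\[[0-9]+:[0-9]+\] )?-A BlackList /s#-s ${old_re}(/32)? #-s ${new}\1 #" "$file"
}

# Constructed sample of `iptables-save -c` output (documentation addresses).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:BlackList - [0:0]
[12:720] -A INPUT -p tcp -j BlackList
[5:300] -A BlackList -s 192.0.2.1/32 -d 10.0.0.0/24 -p tcp -j TARPIT
[9:540] -A BlackList -s 192.0.2.10/32 -d 10.0.0.0/24 -p tcp -j TARPIT
COMMIT
EOF
}

tmp=$(mktemp)
sample_ruleset > "$tmp"
swap_blacklist_ip 192.0.2.1 203.0.113.7 "$tmp"
rm -f "$tmp"
# On a live host: write the result to a file, check it with
#   iptables-restore --test -c < file
# and only then load it with: iptables-restore -c < file
```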