Building a dynamic blacklist with Netfilter's Recent module

KEEP OUT!

Article from Issue 79/2007
Author(s):

Netfilter’s Recent module builds a temporary blacklist to keep intruders off your network.

When an Intrusion Detection System (IDS) recognizes an attack, it issues a strict “keep out” order to block the intruder’s access to services. Unfortunately, other systems on the network might not benefit from this block. The Recent module by Netfilter dynamically updates the firewall access rules to create a temporary “bad guy” list. You can then configure the firewall rules so that an IP address that breaks a rule is temporarily prevented from any form of access. Recent also comes with special features for fighting port scans, and you can combine the Recent module with an external application such as Snort to create a fast and effective framework for detecting and closing out network attacks.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • The New Snort

    Get ready for a bigger and better Snort. If you're used to protecting your systems with this trusty intrusion detection tool, you'll appreciate the new features in the latest version.

  • NuFW and Edenwall

    Instead of granting access by address, the NuFW Netfilter module provides identity-based authentication. The Edenwall firewall appliance comes with built-in NuFW technology.

  • Firewall Logfile Analyzers

    Netfilter firewalls create highly detailed logfiles that nobody really wants to inspectmanually. Logfile analysis tools like IPtables Log Analyzer,Wallfire Wflogs,and FWlogwatch help administrators keep track of developments and filter for importantmessages.

  • Netfilter L7

    If you need a tool for filtering protocols that doesn’t depend on the port, try L7, an IPTables patch that operates through regular expressions.

  • KTools: KMyFirewall

    Linux has a fantastic selection of firewalls for securing stand-alone computers or whole networks. Although you can use IPTables to set up a firewall, the configuration is often the most difficult step. KMyFirewall offers a powerful, user-friendly, GUI-based approach.

comments powered by Disqus