PF log parser and dynamic PF rules...

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Per-Olov Sjöholm

Subject: PF log parser and dynamic PF rules...

Date: Tuesday, February 16, 2010 - 2:22 am

Hi "misc"

I am looking for a tool to use as a trigger for dynamically open PF ports from
certain IP:s.

I will access non critical info but want at least a port knocker as security.

If I access an IP on my DMZ that is not in use on a port that is fake I want
to dynamically add a PF rule for a totally different purpose. Let's say I
access http://1.2.3.4:45321 which is blocked and logged in PF, what is the
easiest way to create a trigger from the PF log or the PF log device?

A cron job with grep in the PF log and then run pfctl to add the rule is from
many points of view a bad choice... I don't want to dig through the PF log as
it can be huge, and I don't want to use a cron job as it takes to long..

Any suggestions appreciated.


Thanks in advance
/Per-Olov

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 2:22 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 2:25 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 2:30 am)

Re: PF log parser and dynamic PF rules..., Claudio Jeker, (Tue Feb 16, 2:40 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 2:53 am)

Re: PF log parser and dynamic PF rules..., Lars Nooden, (Tue Feb 16, 3:11 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 3:15 am)

Re: PF log parser and dynamic PF rules..., Peter N. M. Hansteen, (Tue Feb 16, 3:17 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 3:17 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 3:28 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 3:35 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 3:39 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 3:44 am)

Re: PF log parser and dynamic PF rules..., Lars Nooden, (Tue Feb 16, 3:44 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 3:57 am)

Re: PF log parser and dynamic PF rules..., Jussi Peltola, (Tue Feb 16, 4:03 am)

Re: PF log parser and dynamic PF rules..., Peter N. M. Hansteen, (Tue Feb 16, 4:06 am)

Re: PF log parser and dynamic PF rules..., Lars Nooden, (Tue Feb 16, 4:06 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 4:07 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 4:25 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 4:27 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 4:41 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 4:43 am)

Re: PF log parser and dynamic PF rules..., Peter N. M. Hansteen, (Tue Feb 16, 4:52 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 6:28 am)

Re: PF log parser and dynamic PF rules..., Floor Terra, (Tue Feb 16, 6:34 am)

Re: PF log parser and dynamic PF rules..., Eugene Yunak, (Tue Feb 16, 9:17 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 4:40 pm)

Re: PF log parser and dynamic PF rules..., Paul de Weerd, (Tue Feb 16, 4:57 pm)

Re: PF log parser and dynamic PF rules..., Randal L. Schwartz, (Tue Feb 16, 6:07 pm)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 11:51 pm)

Re: PF log parser and dynamic PF rules..., Kenneth R Westerback, (Wed Feb 17, 4:31 am)

Re: PF log parser and dynamic PF rules..., Peter Hessler, (Wed Feb 17, 4:38 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Wed Feb 17, 1:56 pm)


linux-kernel:
Ken Chen	[patch] sched: fix inconsistency when redistribute per-cpu tg->cfs_rq shares.
Hugh Dickins	Re: Linux 2.6.26-rc1 - pgtable_32.c:178 pmd_bad
Bernhard Beck	[PATCH 001/001] usb-serial: Add ThinkOptics WavIT
Oleg Nesterov	Re: [PATCH 4/5] don't panic if /sbin/init exits or killed
Greg KH	[patch 07/21] rtc-pcf8563: detect polarity of century bit automatically
git:
Jonathan del Strother	Re: [PATCH] Fixing path quoting issues
Gerrit Pape	[PATCH] fix skipping merge-order test with NO_OPENSSL=1.
Linus Torvalds	Re: Implementing branch attributes in git config
Johannes Schindelin	Re: Trying to use git-filter-branch to compress history by removing large, obsolet...
Gerrit Pape	[PATCH] hooks--update: fix test for properly set up project description file
linux-netdev:
David Miller	Re: [PATCH 04/15] tg3: Preserve LAA when device control is released
Jean-Louis Dupond	Re: tg3 driver not advertising 1000mbit
Sven Wegener	[PATCH] ipvs: Add missing locking during connection table hashing and unhashing
David Miller	Re: [PATCH] qlcnic: dont assume NET_IP_ALIGN is 2
Stephen Hemminger	[PATCH 2/2] sky2: fix transmit state on resume
git-commits-head:
Linux Kernel Mailing List	[SCSI] scsi ioctl: fix kernel-doc warning
Linux Kernel Mailing List	ALSA: HDA - Correct trivial typos in comments.
Linux Kernel Mailing List	i2c-viapro: Add support for SMBus Process Call transactions
Linux Kernel Mailing List	i2c: Documentation: upgrading clients HOWTO
Linux Kernel Mailing List	[PATCH] fix sysctl_nr_open bugs
openbsd-misc:
Die Gestalt	Re: How to re-build openssl with SHA1 support?
Edwin Eyan Moragas	Re: managing routes for multiple PPPoE connections
Brian Candler	Re: OBSD's perspective on SELinux
Jonathan Schleifer	Why is getaddrinfo breaking POSIX?
Predrag Punosevac	Re: Kernel developers guide/tutorial