Re: PF log parser and dynamic PF rules...

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Claudio Jeker

Subject: Re: PF log parser and dynamic PF rules...

Date: Tuesday, February 16, 2010 - 2:40 am

On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov Sjvholm wrote:
quoted text> Hi "misc"
> 
> I am looking for a tool to use as a trigger for dynamically open PF ports from
> certain IP:s.
> 
> I will access non critical info but want at least a port knocker as security.
> 
> If I access an IP on my DMZ that is not in use on a port that is fake I want
> to dynamically add a PF rule for a totally different purpose. Let's say I
> access http://1.2.3.4:45321 which is blocked and logged in PF, what is the
> easiest way to create a trigger from the PF log or the PF log device?
> 
> A cron job with grep in the PF log and then run pfctl to add the rule is from
> many points of view a bad choice... I don't want to dig through the PF log as
> it can be huge, and I don't want to use a cron job as it takes to long..
> 

There is a way to do port knocking in pf without any external help. Maybe
you can figure it out. I will not give more hints since port knocking is a
dumb idea better spend your time reading on authpf(8).

-- 
:wq Claudio

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 2:22 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 2:25 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 2:30 am)

Re: PF log parser and dynamic PF rules..., Claudio Jeker, (Tue Feb 16, 2:40 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 2:53 am)

Re: PF log parser and dynamic PF rules..., Lars Nooden, (Tue Feb 16, 3:11 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 3:15 am)

Re: PF log parser and dynamic PF rules..., Peter N. M. Hansteen, (Tue Feb 16, 3:17 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 3:17 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 3:28 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 3:35 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 3:39 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 3:44 am)

Re: PF log parser and dynamic PF rules..., Lars Nooden, (Tue Feb 16, 3:44 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 3:57 am)

Re: PF log parser and dynamic PF rules..., Jussi Peltola, (Tue Feb 16, 4:03 am)

Re: PF log parser and dynamic PF rules..., Peter N. M. Hansteen, (Tue Feb 16, 4:06 am)

Re: PF log parser and dynamic PF rules..., Lars Nooden, (Tue Feb 16, 4:06 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 4:07 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 4:25 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 4:27 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 4:41 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 4:43 am)

Re: PF log parser and dynamic PF rules..., Peter N. M. Hansteen, (Tue Feb 16, 4:52 am)

Re: PF log parser and dynamic PF rules..., Bret S. Lambert, (Tue Feb 16, 6:28 am)

Re: PF log parser and dynamic PF rules..., Floor Terra, (Tue Feb 16, 6:34 am)

Re: PF log parser and dynamic PF rules..., Eugene Yunak, (Tue Feb 16, 9:17 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 4:40 pm)

Re: PF log parser and dynamic PF rules..., Paul de Weerd, (Tue Feb 16, 4:57 pm)

Re: PF log parser and dynamic PF rules..., Randal L. Schwartz, (Tue Feb 16, 6:07 pm)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Tue Feb 16, 11:51 pm)

Re: PF log parser and dynamic PF rules..., Kenneth R Westerback, (Wed Feb 17, 4:31 am)

Re: PF log parser and dynamic PF rules..., Peter Hessler, (Wed Feb 17, 4:38 am)

Re: PF log parser and dynamic PF rules..., Per-Olov Sjöholm, (Wed Feb 17, 1:56 pm)


linux-kernel:
Ken Chen	[patch] sched: fix inconsistency when redistribute per-cpu tg->cfs_rq shares.
Ingo Molnar	Re: [PATCH v3] x86: merge the simple bitops and move them to bitops.h
Jan Engelhardt	Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
Dmitry Torokhov	Re: [2.6 patch] input/serio/hp_sdc.c section fix
Rafael J. Wysocki	[Bug #16380] Loop devices act strangely in 2.6.35
git:
Steven Grimm	Using git as a general backup mechanism (was Re: Using GIT to store /etc)
Jeff King	Re: [PATCH] git-reset: allow --soft in a bare repo
Johannes Sixt	Re: [PATCH 01/14] msvc: Fix compilation errors in compat/win32/sys/poll.c
Johannes Schindelin	Re: [PATCH] Uninstall rule for top level Makefile
Shawn O. Pearce	Re: [PATCH v2] Speed up bash completion loading
git-commits-head:
Linux Kernel Mailing List	cgroups: clean up cgroup_pidlist_find() a bit
Linux Kernel Mailing List	sony-laptop: Add support for extended hotkeys
Linux Kernel Mailing List	IB/core: Add support for masked atomic operations
Linux Kernel Mailing List	V4L/DVB (8939): cx18: fix sparse warnings
Linux Kernel Mailing List	ipv6 mcast: Check address family of gf_group in getsockopt(MS_FILTER).
linux-netdev:
Inaky Perez-Gonzalez	[PATCH 40/40] wimax/i2400m: add CREDITS and MAINTAINERS entries
Karsten Keil	[mISDN PATCH v2 05/19] Reduce stack size in dsp_cmx_send()
linux	Re: 2.6.23-rc8 network problem. Mem leak? ip1000a?
David Miller	Re: tun: Use netif_receive_skb instead of netif_rx
David Miller	Re: [net-next PATCH v2] llc enhancements
freebsd-current:
Matthew Fleming	Re: [RFC] Outline of USB process integration in the kernel taskqueue system
illoai@gmail.com	Re: OT: 2d password
Hartmut Brandt	Re: problem with nss_ldap
Andrew Reilly	Re: FreeBSD's problems as seen by the BSDForen.de community
Max Laier	Re: Upcoming ABI Breakage in RELENG_7