0001716: Auto blocking IP based on SNORT logs - MantisBT
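ID: 0001716
Project: Endian Firewall
Category: Firewall (iptables)
View Status: public
Date Submitted: 2009-03-30 19:40
Last Update: 2010-07-17 12:19
Reporter: lightningbit
Priority: normal
Severity: feature
Reproducibility: N/A
Status: new
Resolution: open
Product Version: 2.2-rc3
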
0001716: Auto blocking IP based on SNORT logs
An optional module which
1/ monitors the SNORT log,
and can take action when it detects certain violations (like a portscan, or a very critical alert/attack is happening)
by automatically blocking (thus adapting the firewall rules) the abusive IP address or even complete CIDR block

2/ Add to that the ability (an extra option) to easily enter a list of CIDR to be blocked proactively (in an easier way than creating firewall rules for every few CIDR blocks)

the 2nd option comes from the need by a lot of people to be able to quickly block e.g. the China, Korean, Nigerian CIDR blocks from a source like this (http://www.okean.com/sinokoreacidr.txt)


it would be a great added feature making EFW an even stronger firewall

I would appreciate the feedback on how this feature request will be received/considered

thanks

IPCOP used to have such a module, called GUARDIAN (not dansguardian) which worked very well for item 1/ above
and I also used it for item 2/
No tags attached.
Issue History
2009-03-30 19:40  lightningbit  New Issue
2009-03-30 19:40  lightningbit  Assigned To => peter-endian
2009-06-10 12:46  peter-endian  Assigned To  peter-endian =>
2010-01-16 10:20  lightningbit  Note Added: 0003666
2010-01-16 10:26  lightningbit  Note Deleted: 0003666
2010-01-16 10:34  lightningbit  Note Added: 0003669
2010-01-16 10:35  lightningbit  Note Edited: 0003669
2010-07-17 12:19  lightningbit  Note Added: 0004620

Notes
(0003669)
lightningbit   
2010-01-16 10:34   
(edited on: 2010-01-16 10:35)
more info regarding the requested blocklists:

- I'm talking about a blocklist against incoming attack/abuse/spy attempts

- it would be even nicer, if there would be an option, to integrate with http://iblocklist.com/lists.php where we would be able to enter the URLs of the lists we want to use, and with a button for each list whether we want to blacklist (block) or whitelist them

at this moment, I'm using some of these lists, but then I get a huge long page with firewall rules

(0004620)
lightningbit   
2010-07-17 12:19   
anyone else any feedback?
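
A sketch of the two requested pieces, added here as an example and not part of the original issue or of Endian Firewall's code: it picks source IPs out of Snort alerts (portscan or critical priority), merges them with a proactive CIDR list, and emits a single ipset definition so the rule page does not grow with every entry. It assumes Snort's "fast" alert format and the use of ipset, neither of which the issue specifies; the function names, sample log lines and addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Snort "fast" alert format (documentation addresses only).
SAMPLE_ALERTS = """\
03/30-19:40:01.100000  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 203.0.113.7 -> 192.0.2.10
03/30-19:40:05.200000  [**] [1:1000001:1] Constructed critical alert [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.23:40112 -> 192.0.2.10:22
03/30-19:41:10.300000  [**] [1:1000002:1] Constructed low alert [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.99 -> 192.0.2.10
03/30-19:42:00.400000  [**] [1:1000001:1] Constructed critical alert [**] [Priority: 1] {TCP} 192.0.2.50:51000 -> 192.0.2.10:22
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:\d+:\d+\] (?P<msg>.*?) \[\*\*\].*?\[Priority: (?P<prio>\d+)\]"
    r" \{[^}]+\} (?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? -> ")


def offenders(log_text, allow=(), max_priority=1):
    """Count source IPs that raised a portscan alert or one with priority <= max_priority."""
    allow_nets = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert line, or a format this sketch does not parse
        src = ipaddress.ip_address(m["src"])
        if any(src in net for net in allow_nets):
            continue  # never auto-block whitelisted ranges (own LAN, admin hosts)
        if "portscan" in m["msg"].lower() or int(m["prio"]) <= max_priority:
            hits[str(src)] += 1
    return hits


def ipset_restore(set_name, cidrs, ips):
    """Build `ipset restore` input: one set, matched by one rule, for all entries."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    nets += [ipaddress.ip_network(i) for i in ips]
    merged = ipaddress.collapse_addresses(nets)  # fold overlapping/adjacent ranges
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {n}" for n in merged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    bad = offenders(SAMPLE_ALERTS, allow=["192.0.2.0/24"])
    print(ipset_restore("blocklist", ["198.51.100.0/25", "198.51.100.128/25"], bad))
```

The output can be loaded with `ipset restore` and matched by one rule such as `iptables -I INPUT -m set --match-set blocklist src -j DROP`. The allow list matters because auto-blocking on alert source addresses can otherwise lock out legitimate hosts on a false positive or a spoofed source.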