SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2021-03-02 10:34 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 0001716 | Endian Firewall | Firewall (iptables) | public | 2009-03-30 19:40 | 2010-07-17 12:19 | ||||||
| Reporter | lightningbit | ||||||||||
| Assigned To | |||||||||||
| Priority | normal | Severity | feature | Reproducibility | N/A | ||||||
| Status | new | Resolution | open | ||||||||
| Platform | OS | OS Version | |||||||||
| Product Version | 2.2-rc3 | ||||||||||
| Target Version | Fixed in Version | ||||||||||
| Summary | 0001716: Auto blocking IP based on SNORT logs | ||||||||||
| Description | An optional module which 1/monitors the SNORT log, and can take action when it detects certain violations (like a portscan, or a very critical alert/attack is happening) by automatically blocking (thus adapting the firewall rules) the abusive IP address or even complete CDIR block 2/Add to that the ability (an extra option) to easily enter a list of CIDR to be blocked proactively (in an easier way then creating firewall rules for every few CDIR blocks) the 2nd option comes from the need by a lot of people to be able to quickly block e.g. the China, Korean, Nigerian CDIR blocks from a source like this (http://www.okean.com/sinokoreacidr.txt [^]) it would be great added feature making EFW an even stronger firewall I would appreciate the feedback on how this feature request will be received/considered thanks | ||||||||||
| Additional Information | IPCOP used to have such module, called GUARDIAN (not dansguardian) which worked very well for item 1/ above and I also used it for item 2/ | ||||||||||
| Tags | No tags attached. | ||||||||||
| Attached Files | |||||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0003669) lightningbit (reporter) 2010-01-16 10:34 edited on: 2010-01-16 10:35 |
more info regarding the requested blocklists: - I'm talking about a blocklist against incoming attack/abuse/spy attempts - it would be even nicer, if there would be an option, to integrate with http://iblocklist.com/lists.php [^] where we would be able to enterthe URL's of the lists we want to use, and with a button for each list wheter we want to blacklist (block) or whitelist them at this moment, I'm using some of these lists, but then I get a huge long page with firewall rules |
|
(0004620) lightningbit (reporter) 2010-07-17 12:19 |
anyone else any feedback? |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-03-30 19:40 | lightningbit | New Issue | |
| 2009-03-30 19:40 | lightningbit | Assigned To | => peter-endian |
| 2009-06-10 12:46 | peter-endian | Assigned To | peter-endian => |
| 2010-01-16 10:20 | lightningbit | Note Added: 0003666 | |
| 2010-01-16 10:26 | lightningbit | Note Deleted: 0003666 | |
| 2010-01-16 10:34 | lightningbit | Note Added: 0003669 | |
| 2010-01-16 10:35 | lightningbit | Note Edited: 0003669 | |
| 2010-07-17 12:19 | lightningbit | Note Added: 0004620 | |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |