3. Developing a DNS block via httpBL and ZEN: Question about connection detection

Developing a DNS block via httpBL and ZEN: Question about connection detection

  • F

    Background
    On all my Linode and AWS cloud machines, I have a bash script I wrote up that tail's a log of incoming/passed connections, then checks the IP doing a DNS lookup with Spamhaus' ZEN (minus PBL). If it passes that test, it does a DNS lookup with httpBL, also known as the HoneyPot Project, with a configuration that allows you to specify the number of days since last infraction and the threat level. If it's considered bad, it uses iptables to drop packets from that host. Every X hours (configured) it then rechecks currently blocked IPs.

    I like this method because the DNS based lookups are quick to update, and httpBL not only provides a wealth of data on the IP in question, but is a unique community project on it's own. My personal experience is that it catches a lot of threat IPs before they get to Spamhaus, too.

    Question
    I would like to recreate the above for my PFSense machines in package format. Currently, the best way I can think to do this is to require turning on logging for any "pass" firewall rules that a user would like the package to monitor. My questions are:

    • Is there a better way to monitor passed connections in FreeBSD?

    • What would the "appropriate" way be to block an IP in PFSense from a package install?

    Thanks,
    Ben

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy