Developing a DNS block via httpBL and ZEN: Question about connection detection

pfSense Packages
Fmstrat:

Background
On all my Linode and AWS cloud machines, I have a bash script I wrote up that tails a log of incoming/passed connections, then checks the IP by doing a DNS lookup with Spamhaus' ZEN (minus PBL). If it passes that test, it does a DNS lookup with httpBL, also known as the HoneyPot Project, with a configuration that allows you to specify the number of days since last infraction and the threat level. If it's considered bad, it uses iptables to drop packets from that host. Every X hours (configured) it then rechecks currently blocked IPs.

I like this method because the DNS based lookups are quick to update, and httpBL not only provides a wealth of data on the IP in question, but is a unique community project on its own. My personal experience is that it catches a lot of threat IPs before they get to Spamhaus, too.

Question
I would like to recreate the above for my pfSense machines in package format. Currently, the best way I can think to do this is to require turning on logging for any "pass" firewall rules that a user would like the package to monitor. My questions are:

• Is there a better way to monitor passed connections in FreeBSD?

• What would the "appropriate" way be to block an IP in pfSense from a package install?

Thanks,
Ben

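The decision logic the post describes (ZEN first with PBL hits ignored, then httpBL filtered by days-since-last-activity and threat score, and a periodic recheck of already-blocked addresses), written out as an added Python example. This is not the poster's bash script and not pfSense code; it only shows the lookup and decision steps, and deliberately leaves out the enforcement step (iptables on the poster's Linux hosts, pf on pfSense) that the question is about. The DNSBL query formats and answer codes are the publicly documented ones for zen.spamhaus.org and dnsbl.httpbl.org; the access key, the 192.0.2.x addresses and every DNS answer in the block are constructed placeholders, and the resolver is injectable so the logic runs offline against them.

```python
"""DNS blocklist decision logic modelled on the post's description.

Added example, not the poster's script: check an IPv4 address against
Spamhaus ZEN (ignoring PBL hits), then against http:BL with a "days since
last activity" and "threat score" threshold, and re-evaluate an existing
block list.  The resolver is injectable so the logic runs offline.
"""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Tuple

# A resolver maps a query name to its A record, or None for NXDOMAIN (not listed).
Resolver = Callable[[str], Optional[str]]


def system_resolver(name: str) -> Optional[str]:
    """Real lookup through the host's resolver (not used by the offline demo)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def reversed_octets(ip: str) -> str:
    """DNSBLs are queried with the octets reversed: 1.2.3.4 -> 4.3.2.1. IPv4 only."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split(".")))


# Spamhaus ZEN answer codes: 127.0.0.2-3 SBL/CSS, 127.0.0.4-7 XBL, 127.0.0.10-11 PBL.
# 127.255.255.x answers signal a query problem (public resolver, rate limit, typo).
ZEN_PBL_CODES = {"127.0.0.10", "127.0.0.11"}


def zen_listed(ip: str, resolve: Resolver = system_resolver, ignore_pbl: bool = True) -> bool:
    answer = resolve(f"{reversed_octets(ip)}.zen.spamhaus.org")
    if answer is None or answer.startswith("127.255.255."):
        return False  # not listed, or an error code: never block on an error
    if ignore_pbl and answer in ZEN_PBL_CODES:
        return False  # PBL = end-user/dynamic space, not evidence of abuse
    return True


@dataclass
class HttpBLResult:
    days_since_last_activity: int  # second octet
    threat_score: int              # third octet, 0-255
    visitor_type: int              # fourth octet bitmask: 0 search engine,
                                   # 1 suspicious, 2 harvester, 4 comment spammer


def httpbl_lookup(ip: str, access_key: str, resolve: Resolver = system_resolver) -> Optional[HttpBLResult]:
    """http:BL query: <accesskey>.<reversed-ip>.dnsbl.httpbl.org -> 127.<days>.<threat>.<type>."""
    answer = resolve(f"{access_key}.{reversed_octets(ip)}.dnsbl.httpbl.org")
    if answer is None:
        return None
    octets = answer.split(".")
    if len(octets) != 4 or octets[0] != "127" or not all(o.isdigit() for o in octets):
        return None  # malformed answer: treat as unlisted rather than blocking
    return HttpBLResult(int(octets[1]), int(octets[2]), int(octets[3]))


def should_block(ip: str, access_key: str, max_days: int, min_threat: int,
                 resolve: Resolver = system_resolver) -> Tuple[bool, str]:
    """ZEN first (minus PBL), then http:BL filtered by recency and threat level."""
    if zen_listed(ip, resolve):
        return True, "zen"
    result = httpbl_lookup(ip, access_key, resolve)
    if result is None:
        return False, "clean"
    if result.visitor_type == 0:
        return False, "search-engine"  # type 0 is a known crawler, never block
    if result.days_since_last_activity <= max_days and result.threat_score >= min_threat:
        return True, "httpbl"
    return False, "httpbl-below-threshold"


def recheck(blocked: Iterable[str], access_key: str, max_days: int, min_threat: int,
            resolve: Resolver = system_resolver) -> set:
    """Periodic re-evaluation: returns the addresses that should stay blocked."""
    return {ip for ip in blocked if should_block(ip, access_key, max_days, min_threat, resolve)[0]}


# Constructed answers standing in for real DNS replies (fake key, RFC 5737 test addresses).
PLACEHOLDER_KEY = "abcdefghijkl"  # http:BL keys are 12 lowercase letters; this one is made up
CONSTRUCTED_ANSWERS = {
    "1.2.0.192.zen.spamhaus.org": "127.0.0.4",                       # XBL hit
    "2.2.0.192.zen.spamhaus.org": "127.0.0.11",                      # PBL only
    f"{PLACEHOLDER_KEY}.2.2.0.192.dnsbl.httpbl.org": "127.3.40.5",   # 3 days, threat 40, suspicious+spammer
    f"{PLACEHOLDER_KEY}.3.2.0.192.dnsbl.httpbl.org": "127.60.5.1",   # stale and low threat
    f"{PLACEHOLDER_KEY}.4.2.0.192.dnsbl.httpbl.org": "127.0.0.0",    # search engine
}


def fake_resolver(name: str) -> Optional[str]:
    return CONSTRUCTED_ANSWERS.get(name)


if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4", "192.0.2.5"):
        print(ip, should_block(ip, PLACEHOLDER_KEY, max_days=7, min_threat=25, resolve=fake_resolver))
    print("still blocked:", recheck(["192.0.2.1", "192.0.2.3"], PLACEHOLDER_KEY, 7, 25, fake_resolver))
```

Two choices worth noting: a Spamhaus 127.255.255.x error answer and a malformed httpBL answer both fall through to "not listed", so a resolver problem or a rate limit never turns into a block, and http:BL visitor type 0 (search engine) is exempted regardless of score. Swapping `fake_resolver` for `system_resolver` runs the same logic against the live lists, which for ZEN means querying from your own resolver rather than a public one.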