IP drop list
Reindl Harald
h.reindl at thelounge.net
Tue Mar 3 21:43:24 UTC 2015
Am 03.03.2015 um 22:31 schrieb Oliver Welter:
> I did a quick hack for exactly this purpose - send offending IPs from my
> mail server to the firewall "in a secure way". Its a python script that
> uses the fail2ban syntax on the one end and feeds a (patched) pfSense on
> the other end. You can find the scripts on github:
> https://github.com/oliwel/fail2sense - be warned, its a first draft -
> but it does the job here...For the unblock feature you need this patch
> against pfsense https://github.com/pfsense/pfsense/pull/1444/
the problem is the "in a secure way"
that's not really possible when you mangle firewall rules which implies
root permissions - as RBL request is just a DNS request which don't need
*any* permissions on the machine which does the request
the other problem is mangle firewall rules in context of existing
infrastructures is error prone - you may interfere existing rulesets -
it's a bad idea to start with
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150303/d3ce8f6c/attachment.sig>
More information about the dovecot
mailing list