From: Cyril J. <cyr...@fa...> - 2007-10-23 21:57:02
Hi James,

> 1) Has anyone successfully used fail2ban on Solaris 10 with ipf? If
> so, can we talk about how to set this up?
>

I know that some people are using fail2ban with Solaris. But I don't know which firewall they use!?

> 2) Is there any support for ipf at all? If not, how hard would it be
> to modify fail2ban to support ipf filter tables.
>

There is currently no support for ipf :(

> 3) If no one has done this, how can I get started developing ipf
> support with the group.
>

I googled a bit and it seems that you can't modify firewall rules using the command line :( You need to modify the configuration file and reload it. I have never used ipf and have limited experience with Solaris, so I can be completely wrong... These links are probably interesting:

http://marc.info/?l=ipfilter&m=92531868212716&w=2
http://www.sun.com/bigadmin/scripts/submittedScripts/quickipf.html

Here is my suggestion: write a script that generates /etc/ipf.rules. This script will take an IP address as a parameter and will create a rule that blocks this IP address (and other "standard" rules). Write a second script that will "unban" an IP address, or just add a second parameter to the first script. Your action script will then look like:

actionban = /usr/local/ipf-ban <ip>
            ipf -Fa -f /etc/ipf.rules
actionunban = /usr/local/ipf-unban <ip>
              ipf -Fa -f /etc/ipf.rules

Once again, I have never used ipf and have not tested anything. But I don't see any big problems ;) You can probably find a nice solution using awk or sed or both of them.

> Again, my apologies if I do not have the correct list....
>
> 4) If not the correct list where should I post for support??
>

fail2ban-users would be the correct list. I have Cc'd my reply to it.

https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Regards,

Cyril Jaquier
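
The script suggested in the message above, as an added example that is not part of the original post or of fail2ban: a POSIX sh sketch of the "second parameter" variant, called as `ipf-ban ban <ip>` or `ipf-ban unban <ip>`. The base rules file, the ban list file and the function names are assumptions; reloading with `ipf -Fa -f /etc/ipf.rules` stays in the action, as in the message.

```sh
#!/bin/sh
# Added example; the file names below are assumptions, not fail2ban or ipf defaults.
IPF_BASE=${IPF_BASE:-/etc/ipf.rules.base}  # hand-written "standard" rules
IPF_BANS=${IPF_BANS:-/var/run/ipf-banned}  # one banned IPv4 address per line
IPF_RULES=${IPF_RULES:-/etc/ipf.rules}     # file the action loads with ipf -Fa -f

# Accept only dotted-quad IPv4, octets 0..255, no leading zeros (some parsers
# read those as octal), so text from a log line cannot add extra rule syntax.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Rebuild the rules file: ban rules first ("quick" stops at the first match),
# then the base rules. Written to a temp file and renamed into place.
write_rules() {
    tmp="$IPF_RULES.tmp.$$"
    {
        while read -r ip; do
            valid_ipv4 "$ip" && echo "block in quick from $ip/32 to any"
        done < "$IPF_BANS"
        if [ -f "$IPF_BASE" ]; then cat "$IPF_BASE"; fi
    } > "$tmp" && mv "$tmp" "$IPF_RULES"
}

ipf_ban() {
    valid_ipv4 "$1" || { echo "invalid address: $1" >&2; return 2; }
    touch "$IPF_BANS"
    grep -qxF "$1" "$IPF_BANS" || echo "$1" >> "$IPF_BANS"  # no duplicates
    write_rules
}

ipf_unban() {
    valid_ipv4 "$1" || { echo "invalid address: $1" >&2; return 2; }
    touch "$IPF_BANS"
    grep -vxF "$1" "$IPF_BANS" > "$IPF_BANS.tmp.$$" || true  # empty list is fine
    mv "$IPF_BANS.tmp.$$" "$IPF_BANS"
    write_rules
}

case "${1:-}" in
    ban)   ipf_ban "${2:-}" ;;
    unban) ipf_unban "${2:-}" ;;
esac
```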