From: Barry C. <ba...@rj...> - 2007-11-12 21:52:30
No problem Cyril.

I, too, have a desire to run fail2ban on Solaris 10. It's just that, unfortunately, the current state of the priority queue that is my to-do list prevents me from tinkering with IPFilter and Fail2Ban. :(

Otherwise, I'd be more than happy to work on this and contribute whatever developed.

Cyril Jaquier wrote:
> Hi Barry,
>
> Thanks for the information :)
>
> Regards,
>
> Cyril
>
> Barry Callahan wrote:
>
>> This email is a reply to a message I found in the archives from last week.
>> ( http://sourceforge.net/mailarchive/message.php?msg_id=471E6E15.4060508%40fail2ban.org )
>>
>> From that message:
>> ------------------------------------------------------------
>> > 3) If no one has done this, how can I get started developing ipf
>> > support with the group.
>> >
>>
>> I googled a bit and it seems that you can't modify firewall rules using
>> the command line :(
>> ------------------------------------------------------------
>>
>> That's not true.
>>
>> From the "Working With Solaris IP Filter Rule Sets" section of the
>> Solaris 10 System Administration Guide
>> ( http://docs.sun.com/app/docs/doc/816-4554/6maoq0258?a=view )
>>
>> ------------------------------------------------------------
>>
>> How to Append Rules to the Active Packet Filtering Rule Set
>>
>> 1. Assume a role that includes the IP Filter Management rights
>>    profile, or become superuser.
>>
>>    You can assign the IP Filter Management rights profile to a role
>>    that you create. To create the role and assign the role to a user,
>>    see Configuring RBAC (Task Map) in System Administration Guide:
>>    Security Services
>>    <http://docs.sun.com/app/docs/doc/816-4557/6maosrjfk?a=view>.
>>
>> 2. Use one of the following methods to append rules to the active
>>    rule set:
>>
>>    * Append rules to the rule set at the command line using the
>>      ipf *-f* - command.
>>
>>      # *echo "block in on dmfe1 proto tcp from 10.1.1.1/32 to any" | ipf -f -*
>>
>> ------------------------------------------------------------
>>
>> I *believe*, from looking at the man page (
>> http://docs.sun.com/app/docs/doc/816-5166/ipf-1m?a=view ) to remove the
>> rule from use, the only difference from the above would be that you'd
>> use " | ipf -r -f - "
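
The two commands quoted in this thread, wrapped as ban/unban helpers that validate the address before it reaches the rule text. This is an added example, not part of the original thread and not fail2ban's own action file; the function names, the IPF and IPF_IFACE variables and the /usr/sbin/ipf path are assumptions.

```shell
#!/bin/sh
# Added example, not fail2ban's own action file.
# IPF: path to ipf (assumed /usr/sbin/ipf); IPF_IFACE: interface to filter on
# (dmfe1 is the interface in the rule quoted in the thread).
IPF="${IPF:-/usr/sbin/ipf}"
IPF_IFACE="${IPF_IFACE:-dmfe1}"

# valid_ipv4 ADDR: succeed only for a strict dotted quad, octets 0-255.
# Anything else (spaces, newlines, "/", extra rule keywords) is rejected so a
# log-derived value can never add tokens or lines to the rule text.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros (octal ambiguity)
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ipf_rule ADDR: print the block rule for one host in the form quoted above.
ipf_rule() {
    valid_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 1; }
    printf 'block in on %s proto tcp from %s/32 to any\n' "$IPF_IFACE" "$1"
}

# ban appends the rule to the active set; unban removes the identical rule,
# using the -r form the post believes is correct from the man page.
ban()   { rule=$(ipf_rule "$1") || return 1; printf '%s\n' "$rule" | "$IPF" -f -; }
unban() { rule=$(ipf_rule "$1") || return 1; printf '%s\n' "$rule" | "$IPF" -r -f -; }

# Command-line use: script ban|unban ADDR
case "${1:-}" in
    ban|unban) "$1" "${2:-}" ;;
esac
```

Setting IPF=cat prints the rule that would be submitted without touching the active rule set.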