From: "Daryl Chance"
To: "FreeBSD IPFW"
Subject: ipfw add exec(blah)....
Date: Mon, 28 Aug 2000 10:23:31 -0500
Message-ID: <002d01c01103$ed055e60$0200000a@development1>

Hi,

Has there ever been any type of discussion about adding something
to ipfw to execute a certain command if a fw rule is triggered?
There could be a little use for this, but the only couple I can
really think of is:

a) if a deny rule is triggered you could run tcpdump for a little,
   the rule could possibly pass on some variables to the script
   (ip address:port denied) so you could pipe tcpdump through grep
   for the ip addie/port, watching for any other attempts.

b) you could set up a script to email you or play a sound wav or
   some visual type of alert.

Thoughts? I don't know much about the IPFW code, so I couldn't code
a patch for it :). This a good idea? or could it allow for a
possible security problem?

Thanks,

--------------------------------------------------------
| Daryl Chance   | I have made this letter longer than |
| Valuedata, LLC | usual because I lacked the time to  |
| Memphis, TN    | make it shorter.                    |
|                |                    -- Blaise Pascal |
--------------------------------------------------------