LinuxQuestions.org
Old 01-28-2009, 11:02 AM   #1
darklite
Debian Lenny - iptables+dnsbl/rbl check


Hello,

Is it possible to set up iptables so that I can add filters to specific ports so that iptables checks whether the connecting IP is on an rbl or dnsbl?
If it's not, allow the IP to connect; if it's on the list, block it and log the event.

Thank you for your help.

PS: I already tried http://headcandy.org/rojo/checkdnsbl but then I get the error "mysqld[3432]: warning: /etc/hosts.deny, line 20: open /usr/local/bin/checkdnsbl: Too many open files". Can I raise the open files limit without causing problems, or is this dangerous?
 
Old 01-29-2009, 08:00 PM   #2
unSpawn
As far as I know the DNS-bl is for ISP-only use and RBLs are usually associated with MTA usage, not Netfilter. Checkdnsbl is a shell script (interpreted), doesn't use 'mktemp', works only if your `man 5 hosts_access` uses "aclexec" (not spawn) and caches queries by sleeping each for 5 minutes (default). So if you deploy it for all services on a host that sees lots of connections, you'll notice a number of 'sleep' processes equal to the number of unique IP addresses it checks times the services that get hit.

Not that I know of any alternative (the closest I've come to remote checks is http://people.netfilter.org/~peejix/...oip-HOWTO.html but that's not what you're looking for) and I've seen better methods to wreck performance :-] Why not just use RBLs with your MTA, block ingress and egress bogons, use iptables modules like "recent", deploy Snort with an access blocker, anything but this... Makes me wonder (this being the Linux Security forum) what you would get out of it security-wise anyway?

(And welcome to LQ BTW, hope you like it here.)
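The per-address caching described in the post above (one lookup, remembered for 5 minutes) can be kept in a single process rather than one `sleep` per address. The following is an added example, not code from checkdnsbl or packetbl; the zone `dnsbl.example.org`, the `DnsblCache` class and the sample records are assumptions made for illustration.

```python
import ipaddress
import socket
import time

ZONE = "dnsbl.example.org"  # placeholder zone (assumption), not a real list
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
# Constructed sample data standing in for DNS, so the example runs offline.
SAMPLE_RECORDS = {"10.2.0.192.dnsbl.example.org": ["127.0.0.2"]}

def dnsbl_name(ip, zone=ZONE):
    """Query name for an IPv4 address: reversed octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name via the system resolver; [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN and resolver errors are both treated as "not listed"
        return []

def sample_resolver(name):
    """Offline resolver backed by the constructed SAMPLE_RECORDS."""
    return SAMPLE_RECORDS.get(name, [])

class DnsblCache:
    """Ask the list at most once per address per TTL, inside one process."""
    def __init__(self, resolver=system_resolver, ttl=300, clock=time.monotonic):
        self.resolver, self.ttl, self.clock = resolver, ttl, clock
        self.entries = {}  # (ip, zone) -> (listed, expiry time)
        self.lookups = 0

    def is_listed(self, ip, zone=ZONE):
        now = self.clock()
        # Drop expired entries so stale verdicts are neither reused nor kept.
        self.entries = {k: v for k, v in self.entries.items() if v[1] > now}
        key = (str(ipaddress.IPv4Address(ip)), zone)
        if key in self.entries:
            return self.entries[key][0]
        self.lookups += 1
        answers = self.resolver(dnsbl_name(ip, zone))
        # Only an answer inside 127.0.0.0/8 counts as a listing.
        listed = any(ipaddress.ip_address(a) in LISTED_NET for a in answers)
        self.entries[key] = (listed, now + self.ttl)
        return listed

if __name__ == "__main__":
    cache = DnsblCache(resolver=sample_resolver)
    for ip in ("192.0.2.10", "192.0.2.10", "198.51.100.7"):
        print(ip, "listed" if cache.is_listed(ip) else "not listed")
    print("DNS lookups made:", cache.lookups)
```

Note that `system_resolver` fails open: a resolver outage makes every address look unlisted, which is usually the safer choice for a service that must stay reachable.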
 
Old 01-30-2009, 02:18 AM   #3
chort
packetbl does exactly what you're asking.
 
Old 01-31-2009, 06:42 AM   #4
darklite
Thanks for the help :-)
 
  


All times are GMT -5.
