BlockHosts is a script that records how many times a local system is attacked, based on configurable scanning of system logs for sshd or other services. When a particular IP address exceeds a configured number of failed login attempts, that IP address is blocked using hosts.allow files, null-routing, or packet filtering. An email notification facility is also available.
| Tags | Networking |
|---|---|
| Licenses | Public Domain |
| Operating Systems | Unix |
| Implementation | Python |
Recent releases


Changes: iptables is now updated by inserting blockhosts blocking rules at the beginning of the chain instead of at the end. This allows servers with a default policy of either DROP or ACCEPT to make use of blockhosts. Both the INPUT and FORWARD chains will now block traffic from rogue IP hosts.


Changes: The log match rules were updated to accept lines without a colon (:) after the [pid]. This is seen in at least some Debian and Ubuntu installs.


Changes: The keywords {LOG_PREFIX{service-name}} and {HOST_IP} were added to make it easier to write patterns to scan log files. Support for Source Mage Linux logs was also added.


Changes: Logging and mail notification were improved. Logwatch scripts are now included to provide a summary of blockhosts activity. Mail can now be set to send only if there are error, warning, or notice-level messages.


Changes: The ipblock option for "ip route" now accepts a path for the ip command.