BlockIt monitors the Snort alert file and creates either IPTables, IPChains, IPFWADM, IPFilter, PF, or Checkpoint Firewall rules. This version runs on Linux, FreeBSD, and OpenBSD. BlockIt has built-in CIDR support for multiple target IPs and whitelist support. Additional features include MySQL logging and email logging.
| Tags | Networking Firewalls Utilities |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX Linux |
| Implementation | Perl |
Recent releases


Changes: Additional debug logging was added for the MySQL code. A new rc.blockit2 was included for SysV systems. A "UseChain" parameter that is set to BLOCKIT by default was added.


Changes: rc.blockit was added to the contrib directory. Two new configuration options were added: FirewallTemporaryTarget and FirewallPermanentTarget. check_blockit_log.pl was added in the contrib directory for permanent blocking. Fixes were made for parsing of snort, SSH, and syslog ranging over more than one line.


Changes: Another SSH bad login check for invalid users was added. The minimum firewall time was changed from 60 to 1. A log entry is now added when the intruder blocking time is less than the minimum firewall time.


Changes: Support was added for IPFW, IPFILTER, PF, and Snort SigID Whitelist. Bad SSH Login support was added via syslog. Half of the code was rewritten.


Changes: Crashes in the write_intruders_email function and the main rules function were fixed.
Recent comments

nice but....
I probe the blockit, and work fine... but have 2 items not working...
1. MySQL connection.... the intruders database is always empty...
2. Email report... never send Mails....
I read the source of install... and have some errors.... if you want I can send the fix.... and I can help you, making a Spanish Pack of BLOCKIT.
See you...
the new version this very good one
Hello
I liked new resources a lot to detect the ip address.
BoSSi
Re: NEW in 1.3.0
> Nice tool. However, I have just one
> gripe.
>
> Blockit creates multiple iptable
> entries. This can make the BLOCKIT chain
> much longer than it needs to be. The
> daemon really should check for a
> matching rule before adding a new
> one.
>
This was fixed in the latest development release. I would run this release because it contains mostly bug fixes then the stable release.
Re: NEW in 1.3.0
Nice tool. However, I have just one gripe.
Blockit creates multiple iptable entries. This can make the BLOCKIT chain much longer than it needs to be. The daemon really should check for a matching rule before adding a new one.
Re: NEW in 1.3.0
> I forgot to mention it but IPCHAINS,
> IPFW, and Checkpoint Firewall support
> were also added in the new 1.3.0
> Release.
I meant IPFWADM not IPFW. :)