Question
Automatic and distributed "iptables drop": Advices?
- Posted on February 28, 2017
- FirewallSecurityLinux CommandsOpen Source
Asked by Andrea Menin
Hi!
I’ve just published a project on GitHub called “SECTHEMALL” (https://github.com/SECTHEMALL/secthemall). It distributes and syncs a blacklist on all your linux servers using iptables. It can store your logs on the secthemall.com cloud, and make you able to create Rules or get graphical reports.
The purpose is to block Brute Force Attacks, Port Scan, Web Vulnerability Scan, etc… and to distribute all iptables rules, allowing you to block all potential attackers on all your servers preemptively.
If anyone has advices, parser request, any kind of idea, please let me know! At this time the project is in beta.
Thank you! Best Regards.
-theMiddle
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
This looks pretty cool. I haven’t had a chance to try it out myself but have looked over your docs. I’ve seen a few others create similar systems but they are usually hacked together for a single purpose. My only suggestion would be in terms of distribution. Providing a PPA/repository for deb and rpm packages would be great. Offering the service as a docker container would be easier and more universal. Creating a simple way for someone to deploy this to their stack would make it even better.
While your GIT installation method is simple and straightforward for most it does require installation of git on the target system and doesn’t support automatic updates (which could be needed if an issue is reported).