theMiddle
By:
theMiddle

Automatic and distributed "iptables drop": Advices?

February 28, 2017 737 views
Firewall Security Linux Commands Open Source

Hi!

I've just published a project on GitHub called "SECTHEMALL" (https://github.com/SECTHEMALL/secthemall). It distributes and syncs a blacklist on all your linux servers using iptables. It can store your logs on the secthemall.com cloud, and make you able to create Rules or get graphical reports.

The purpose is to block Brute Force Attacks, Port Scan, Web Vulnerability Scan, etc... and to distribute all iptables rules, allowing you to block all potential attackers on all your servers preemptively.

If anyone has advices, parser request, any kind of idea, please let me know! At this time the project is in beta.

Thank you!
Best Regards.

-theMiddle

1 Answer
ryanpq MOD March 29, 2017
Accepted Answer

This looks pretty cool. I haven't had a chance to try it out myself but have looked over your docs. I've seen a few others create similar systems but they are usually hacked together for a single purpose. My only suggestion would be in terms of distribution. Providing a PPA/repository for deb and rpm packages would be great. Offering the service as a docker container would be easier and more universal. Creating a simple way for someone to deploy this to their stack would make it even better.

While your GIT installation method is simple and straightforward for most it does require installation of git on the target system and doesn't support automatic updates (which could be needed if an issue is reported).

Have another answer? Share your knowledge.