as I do this on my already existing router/modem/firewall (Based on a CV860A Lex mini-ITX), and I am planing in duplicating that functionality onto the RB153 that should arrive soon - here my specific question.
I have a DB-Server that concentrates all security informations from portscan, ssh-password probing etc. inside a Mysql Database. Now - portscans are written in there through the ulog extention of iptables, and other attacks - I wrote some scripts to detect these and put an entry into the Mysql-DB.
As soon as Changes are performed - a small daemon running on my firewall checks the new entries in the Mysql-DB (remotely over the network - openvpn tunnel) - and adds the attacker IP's to a dyamic blacklist.
Note that I use shorewall as firewall on that box - have setup an own mini-linux on it...
Now - to my questions:
a. Is there a possibility to remotely perform changes on the routerOS firewall - via scripting ?
- or -
b. do I have the possibility to actually write own scripts that will be executed on the RB153/RouterOS ?
also - does the iptabls Implementation on the routerOS has a Ulog extension inside ?
3. Is there the possibility to use Shorewall on RouterOS ? it's one of the most flexible firewall-generating scripts I have seen...
Thx for any response ...