Community discussions

MikroTik App
 
User avatar
smurphy
Member Candidate
Member Candidate
Topic Author
Posts: 103
Joined: Wed Feb 06, 2008 6:48 pm
Location: Clermont / France
Contact:

dynamic blacklisting ? ulog/shorewall ?

Thu Feb 07, 2008 8:39 pm

Hi Folks,

as I do this on my already existing router/modem/firewall (Based on a CV860A Lex mini-ITX), and I am planing in duplicating that functionality onto the RB153 that should arrive soon - here my specific question.

I have a DB-Server that concentrates all security informations from portscan, ssh-password probing etc. inside a Mysql Database. Now - portscans are written in there through the ulog extention of iptables, and other attacks - I wrote some scripts to detect these and put an entry into the Mysql-DB.

As soon as Changes are performed - a small daemon running on my firewall checks the new entries in the Mysql-DB (remotely over the network - openvpn tunnel) - and adds the attacker IP's to a dyamic blacklist.

Note that I use shorewall as firewall on that box - have setup an own mini-linux on it...

Now - to my questions:
1.
a. Is there a possibility to remotely perform changes on the routerOS firewall - via scripting ?

- or -

b. do I have the possibility to actually write own scripts that will be executed on the RB153/RouterOS ?
2.
also - does the iptabls Implementation on the routerOS has a Ulog extension inside ?

3. Is there the possibility to use Shorewall on RouterOS ? it's one of the most flexible firewall-generating scripts I have seen...


Thx for any response ...
Cheers
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: dynamic blacklisting ? ulog/shorewall ?

Fri Feb 08, 2008 9:39 am

you can write some kind of expect script on your DB machine that will telnet into your RouterOS machine and inject the data from the SQL to the RouterOS Firewall Address List (that can be used for black/white listing).

Yes, you can also write your own scripts, and for example make ROS fetch a text file that contains the addresses as firewall commands.
 
User avatar
smurphy
Member Candidate
Member Candidate
Topic Author
Posts: 103
Joined: Wed Feb 06, 2008 6:48 pm
Location: Clermont / France
Contact:

Re: dynamic blacklisting ? ulog/shorewall ?

Fri Feb 08, 2008 9:25 pm

Thx for the headsup ... I did also read all I could find and discovered that a similar way to dynamically blacklist IP's exist somewhere else. However add to it the fetch option sounds really great.

another question - as I do some decent statistical analysis - do you have ulog extention for the routerOS ?
ulogd ? as this would ease drastically all what I have in mind doing with that box.
Guess I'll have to compile it myself for that box if not ...

Thx for any hints.
Joerg

Who is online

Users browsing this forum: Bing [Bot], Ligaciputravip and 20 guests