This repository has been archived by the owner on Jan 26, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
rodan/laboule
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Latest commit634dec8 · | ||||
Repository files navigation
* description laboule - the iptables chain manager for impolite IPs this daemonized bash script performs the following tasks: - binds itself to a unix socket and listens for 'ban' and 'count' commands - log parsers decide if an IP has performed an illegal operation and send a row to that socket: IP PROFILE COMMAND WHATEVER_EXTRA_INFO IP can either be ipv4 or ipv6 PROFILE is a user-defined string (see /etc/laboule/laboule.conf) COMMAND is one of 'count' or 'ban' WHATEVER_EXTRA_INFO will be logged into /var/log/laboule/ for the count command: if an IP is counted more than $PROFILE_ban_excuses times in an interval of $PROFILE_ban_period seconds it will be banned for N * $PROFILE_deny_buffer_period minutes, where N is how many times this ban has happened in the past for this IP for the ban command: the IP is outright banned for N * $PROFILE_deny_buffer_period minutes, where N is how many times this ban has happened in the past for this IP in the case of laboule-tarpit the use scenario is equivalent, however the IP does not receive a DROP rule, but a REDIRECT to another port where a tarpit/honeypot is listening. ipv6 has not been thoroughly tested with laboule-tarpit. syncronous syslog parsing is also available, see laboule_syslog_parser.sh for an example * dependencies - iptables (with optional ipv6 support) - a tmpfs in /dev/shm for quick activity searches - daemontools (used by the sample init scripts and for logging) - optional - daemontools-scripts (used by laboule --start) - optional - logsentry (used by some of the sample log parsers) - optional - conntrack-tools (used by one of the sample log parsers) - optional - any firewall software can be used, provided that some glue logic is provided: after firewall (re)start the following scripts are run: /usr/bin/laboule --init /usr/bin/laboule-tarpit --init /usr/bin/laboule --init6 /usr/bin/laboule-tarpit --init6 (run only those that apply in your use case) (these end up in /etc/shorewall*/start if shorewall is used) and make sure you locate the proper parent chain (calling_chain) into which laboule will inject it's logic (example laboule*.confs work with shorewall) Author: Petre Rodan <[email protected]> Available from: https://github.com/rodan/laboule License: BSD
About
the iptables chain manager for impolite IPs