These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Overview Of Firewall System


This Adaptive Firewall system involves a number of simple parts and the usage of both IP Tables and TCP Wrappers.

First, the /etc/hosts.allow file is configured to allow or deny various services to specified hosts, IPs, or domains. The Adaptive Firewall relies on TCP Wrappers' ability to let a system administrator specify one or more shell commands to run when denying a given service.

The Adaptive Firewall takes advantage of this to invoke a shell script called blockip (which is provided on the CD-ROM that accompanies the book). blockip will adapt the firewall in real time to stop a cracker's IP from accessing any service, will send e-mail to the System Administrators, and will page them as well, if desired. It sends different mail depending on whether the attacker is new or a return visitor (and still being blocked). blockip also has various "bells and whistles" that can be used to produce auditory or visual indicators that an attack is underway.

blockip then writes the new rules to a startup script which can be used to restore them at next boot.
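
The flow described above (deny hook, new versus return visitor, rules persisted for the next boot) can be sketched as follows. This is an added example, not the blockip script from the book's CD-ROM; the file paths, the `DRY_RUN` switch, the rule format and the hosts.allow line in the comment are assumptions, and mailing and paging are left out.

```sh
#!/bin/sh
# Sketch of a blockip-style handler; NOT the book's blockip script.
# Hypothetical /etc/hosts.allow rule that would invoke it (path assumed):
#   sshd: ALL: spawn (/usr/local/sbin/blockip-sketch %a) & : DENY
RULES_FILE="${RULES_FILE:-/etc/rc.d/rc.blocked}"  # assumed startup script path
DRY_RUN="${DRY_RUN:-1}"                           # 1 = record only, no iptables call

# Accept only a dotted-quad IPv4 address, since the value ends up in a command.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints "new", "repeat" or "invalid" so a caller can pick the mail to send.
block_ip() {
    ip=$1
    valid_ipv4 "$ip" || { echo "invalid"; return 2; }
    rule="iptables -I INPUT -s $ip -j DROP"
    # -x -F: whole-line literal match, so 3.0.113.7 never matches 203.0.113.7
    if [ -f "$RULES_FILE" ] && grep -qxF -- "$rule" "$RULES_FILE"; then
        echo "repeat"                  # return visitor, already blocked
        return 0
    fi
    if [ "$DRY_RUN" != 1 ]; then
        $rule || return 1              # apply to the running firewall
    fi
    echo "$rule" >> "$RULES_FILE"      # persist so the block survives a reboot
    echo "new"
}

if [ "$#" -gt 0 ]; then
    block_ip "$1"
fi
```

With `DRY_RUN` left at its default the script only records rules in `RULES_FILE`, which makes it safe to try against a scratch file before pointing it at a live firewall.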



Last edited June 21, 2003 3:39 am
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.