2 # Adds an IP to the IPFW drop list.
3 # Only works with IPFW.
4 # We use TABLE 00001. If you use this table for anything else,
5 # please change it here.
7 # Author: Rafael Capovilla - under @ ( at ) underlinux.com.br
8 # Author: Daniel B. Cid - dcid @ ( at ) ossec.net
9 # Last modified: May 07, 2006
# Audit trail: on every invocation, append a timestamp, the script path and
# the first five positional arguments to active-responses.log.
# NOTE(review): the log path is built from ${PWD} and expands unquoted, so
# the file written depends on the caller's working directory. The arguments
# are logged verbatim; no sanitising is visible in this excerpt.
24 echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
# Reject an empty IP and print the expected argument order.
# NOTE(review): the assignments of IP, ACTION, UNAME, IPFW and TABLE_ID are
# not shown in this excerpt. Only emptiness is tested here; no address-format
# check is visible before ${IP} is handed to ipfw on the last line.
28 if [ "x${IP}" = "x" ]; then
29 echo "$0: <action> <username> <ip>"
# Allow-list the action: any value other than "add" or "delete" is reported
# as invalid. This only protects the ipfw call below if the elided lines
# after the echo exit the script - TODO confirm.
# NOTE(review): "-a" inside [ ] is marked obsolescent by POSIX; two separate
# tests joined with && are the unambiguous form.
36 if [ "x${ACTION}" != "xadd" -a "x${ACTION}" != "xdelete" ]; then
37 echo "$0: Invalid action: ${ACTION}"
42 # We should run on FreeBSD
43 # We always use table 00001 and rule id 00001.
44 if [ "X${UNAME}" = "XFreeBSD" ]; then
# Probe the path held in ${IPFW}; all output is discarded. How the exit
# status of ls is handled is not visible in this excerpt.
45 ls ${IPFW} >> /dev/null 2>&1
50 # Check if our table is set
# Searches the current ruleset for a rule numbered 00001 that mentions
# table(1); only the pipeline's exit status is of interest.
# NOTE(review): the pattern hard-codes "table(1)" while the rules below are
# built from ${TABLE_ID}. If TABLE_ID is changed as the file header invites,
# this check presumably stops matching and the deny rules get added again on
# each run - keep the two in sync.
51 ${IPFW} show | grep "^00001" | grep "table(1)" >/dev/null 2>&1
53 # We need to add the table
# Two deny rules under rule number 00001: one for traffic coming from any
# address in the table, one for traffic going to any address in the table.
54 ${IPFW} -q 00001 add deny ip from table\(${TABLE_ID}\) to any
55 ${IPFW} -q 00001 add deny ip from any to table\(${TABLE_ID}\)
59 # Executing and exiting
# Applies the requested action (add or delete) for ${IP} to the table.
# NOTE(review): ${ACTION} and ${IP} expand unquoted, so a value containing
# whitespace or glob characters would be split into extra ipfw arguments.
# ${ACTION} is allow-listed above; ${IP} should be checked to be a plain
# address literal and quoted before it reaches a firewall command.
60 ${IPFW} -q table ${TABLE_ID} ${ACTION} ${IP}