Currently my systems use Puppet to manage all firewall rules. The behavior of the Puppetlabs Firewall module allows for unmanaged rules to be "purged". This is problematic on hosts that also run OSSEC with firewall-drop.sh enabled. For the time being I've had to only rely on the host-deny active response which only covers a small number of services.
A feature I'd like to see is firewall-drop.sh using iptables chains specific to OSSEC, with the OSSEC chain being where firewall-drop.sh adds the blocked IP addresses. This is likely non-trivial to implement, as it would require something to either check for the existence of the chains at service start, or to ensure they exist every time firewall-drop.sh is executed.
Basic idea I implemented ad-hoc to validate it could work:
Then the change to firewall-drop.sh:
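What a chain-based firewall-drop.sh could look like, as an added example rather than the author's snippet (which did not survive on this page); the OSSEC_DROP chain name, the OSSEC_CHAIN/IPTABLES environment overrides and the helper names are assumptions, while the action/user/IP argument positions follow OSSEC's active-response convention.

```shell
#!/bin/sh
# Chain-based variant of an OSSEC active-response drop script (added example).
# Blocked addresses go into a dedicated chain, OSSEC_DROP (assumed name), that
# INPUT and FORWARD jump to. The chain and its jump rules are re-created on
# every run, so a config-management purge of unmanaged rules only loses the
# current block list, never the hook. OSSEC passes $1=action $2=user $3=IP.
# IPTABLES and OSSEC_CHAIN can be overridden from the environment (for tests).

IPTABLES="${IPTABLES:-/sbin/iptables}"
CHAIN="${OSSEC_CHAIN:-OSSEC_DROP}"

# Accept only a dotted-quad IPv4 address before handing it to iptables.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Create the chain if it is missing and make sure INPUT and FORWARD jump to it.
ensure_chain() {
    "$IPTABLES" -L "$CHAIN" -n >/dev/null 2>&1 || "$IPTABLES" -N "$CHAIN"
    for parent in INPUT FORWARD; do
        "$IPTABLES" -C "$parent" -j "$CHAIN" >/dev/null 2>&1 \
            || "$IPTABLES" -I "$parent" 1 -j "$CHAIN"
    done
}

# Add or remove the DROP entry for one address inside the OSSEC chain.
# Returns 2 on a malformed address, 1 on an unknown action.
apply() {
    action="$1"; ip="$2"
    valid_ipv4 "$ip" || return 2
    ensure_chain
    case "$action" in
        add)
            # -C keeps repeated alerts from stacking duplicate rules.
            "$IPTABLES" -C "$CHAIN" -s "$ip" -j DROP >/dev/null 2>&1 \
                || "$IPTABLES" -A "$CHAIN" -s "$ip" -j DROP
            ;;
        delete)
            "$IPTABLES" -D "$CHAIN" -s "$ip" -j DROP
            ;;
        *)
            return 1
            ;;
    esac
}

# Run as an active response only when OSSEC supplied its arguments.
if [ $# -ge 3 ]; then
    apply "$1" "$3"
fi
```

With puppetlabs-firewall, purging is configured per firewallchain, so the OSSEC_DROP chain can be declared without purge while its jump rules in INPUT and FORWARD are managed resources.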