autofwd is an automated firewalling daemon intended to block hosts performing unwanted acts. While it was designed to be used to thwart hosts running dictionary attacks on logins (of any service), it can be used for just about anything. The external commands it runs are configurable, allowing you to take additional actions against offending hosts such as running an nmap OS fingerprint before firewalling, or just silently logging the event.
|Operating Systems||Unix Linux FreeBSD OpenBSD NetBSD IRIX|
Niccoló Avico has written a fantastic article on integrating autofwd events with the Nagios alarm console. You can find a link to his article via ...
Release Notes: Mail runs are now done in a forked child to prevent any interruption to processing new events. Signal handlers have been installed to ensure clean shutdown. There is a PID file, an autofw.conf(5) man page, better granularity for expunging banned hosts, and more.
Release Notes: IPv6 support was added. E-mail alerts were changed to a batch summary at five minute intervals.