BlockIt

BlockIt monitors the Snort alert file and creates either IPTables, IPChains, IPFWADM, IPFilter, PF, or Checkpoint Firewall rules. This version runs on Linux, FreeBSD, and OpenBSD. BlockIt has built-in CIDR support for multiple target IPs and whitelist support. Additional features include MySQL logging and email logging.

Recent releases

  •  11 May 2006 10:07

    Release Notes: Additional debug logging was added for the MySQL code. A new rc.blockit2 was included for SysV systems. A "UseChain" parameter that is set to BLOCKIT by default was added.

  •  14 Oct 2005 08:42

    Release Notes: rc.blockit was added to the contrib directory. Two new configuration options were added: FirewallTemporaryTarget and FirewallPermanentTarget. check_blockit_log.pl was added in the contrib directory for permanent blocking. Fixes were made for parsing of snort, SSH, and syslog ranging over more than one line.

  •  28 Jun 2005 10:10

    Release Notes: Another SSH bad login check for invalid users was added. The minimum firewall time was changed from 60 to 1. A log entry is now added when the intruder blocking time is less than the minimum firewall time.

  •  26 Jun 2005 04:31

    Release Notes: Support was added for IPFW, IPFILTER, PF, and Snort SigID Whitelist. Bad SSH Login support was added via syslog. Half of the code was rewritten.

  •  23 Jun 2005 07:58

    Release Notes: Crashes in the write_intruders_email function and the main rules function were fixed.

            Recent comments

            13 Feb 2006 14:38 agarzon

            nice but....
            I tested BlockIt, and it works fine... but 2 items are not working...

            1. MySQL connection.... the intruders database is always empty...

            2. Email report... it never sends mails....

            I read the source of the install... and it has some errors.... if you want I can send the fix.... and I can help you by making a Spanish Pack of BLOCKIT.

            See you...

            31 Aug 2004 19:18 bossi

            the new version is a very good one
            Hello

            I liked the new resources to detect the IP address a lot.

            BoSSi

            28 Jun 2004 23:16 lordvega

            Re: NEW in 1.3.0


            > Nice tool. However, I have just one
            > gripe.
            >
            > Blockit creates multiple iptable
            > entries. This can make the BLOCKIT chain
            > much longer than it needs to be. The
            > daemon really should check for a
            > matching rule before adding a new
            > one.

            This was fixed in the latest development release. I would run this release because it contains mostly bug fixes than the stable release.

            28 Jun 2004 11:18 hulse_kevin

            Re: NEW in 1.3.0
            Nice tool. However, I have just one gripe.

            Blockit creates multiple iptable entries. This can make the BLOCKIT chain much longer than it needs to be. The daemon really should check for a matching rule before adding a new one.

            28 Feb 2003 14:01 lordvega

            Re: NEW in 1.3.0

            > I forgot to mention it but IPCHAINS,
            > IPFW, and Checkpoint Firewall support
            > were also added in the new 1.3.0
            > Release.


            I meant IPFWADM not IPFW. :)