BlockIt monitors the Snort alert file and creates either IPTables, IPChains, IPFWADM, IPFilter, PF, or Checkpoint Firewall rules. This version runs on Linux, FreeBSD, and OpenBSD. BlockIt has built-in CIDR support for multiple target IPs and whitelist support. Additional features include MySQL logging and email logging.
Tags: Networking Firewalls Utilities
Operating Systems: POSIX Linux
Release Notes: Additional debug logging was added for the MySQL code. A new rc.blockit2 was included for SysV systems. A "UseChain" parameter that is set to BLOCKIT by default was added.
Release Notes: rc.blockit was added to the contrib directory. Two new configuration options were added: FirewallTemporaryTarget and FirewallPermanentTarget. check_blockit_log.pl was added in the contrib directory for permanent blocking. Fixes were made for parsing of Snort, SSH, and syslog entries spanning more than one line.
Release Notes: Another SSH bad login check for invalid users was added. The minimum firewall time was changed from 60 to 1. A log entry is now added when the intruder blocking time is less than the minimum firewall time.
Release Notes: Support was added for IPFW, IPFILTER, PF, and Snort SigID Whitelist. Bad SSH Login support was added via syslog. Half of the code was rewritten.
Release Notes: Crashes in the write_intruders_email function and the main rules function were fixed.