BlockIt

BlockIt monitors the Snort alert file and creates either IPTables, IPChains, IPFWADM, IPFilter, PF, or Checkpoint Firewall rules. This version runs on Linux, FreeBSD, and OpenBSD. BlockIt has built-in CIDR support for multiple target IPs and whitelist support. Additional features include MySQL logging and email logging.

Recent releases

Release Notes: Additional debug logging was added for the MySQL code. A new rc.blockit2 was included for SysV systems. A "UseChain" parameter that is set to BLOCKIT by default was added.

Release Notes: rc.blockit was added to the contrib directory. Two new configuration options were added: FirewallTemporaryTarget and FirewallPermanentTarget. check_blockit_log.pl was added in the contrib directory for permanent blocking. Fixes were made for parsing of snort, SSH, and syslog ranging over more than one line.

Release Notes: Another SSH bad login check for invalid users was added. The minimum firewall time was changed from 60 to 1. A log entry is now added when the intruder blocking time is less than the minimum firewall time.

Release Notes: Support was added for IPFW, IPFILTER, PF, and Snort SigID Whitelist. Bad SSH Login support was added via syslog. Half of the code was rewritten.

  •  23 Jun 2005 00:58

Release Notes: Crashes in the write_intruders_email function and the main rules function were fixed.

Recent comments

13 Feb 2006 14:38 agarzon Thumbs up

nice but....
I probe the blockit, and work fine... but have 2 items not working...

1. MySQL connection.... the intruders database is always empty...

2. Email report... never send Mails....

I read the source of install... and have some errors.... if you want I can send the fix.... and I can help you, making a Spanish Pack of BLOCKIT.

See you...

31 Aug 2004 19:18 bossi Thumbs up

the new version this very good one
Hello

I liked new resources a lot to detect the ip address.

BoSSi

28 Jun 2004 23:16 lordvega

Re: NEW in 1.3.0

> Nice tool. However, I have just one
> gripe.
>
> Blockit creates multiple iptable
> entries. This can make the BLOCKIT chain
> much longer than it needs to be. The
> daemon really should check for a
> matching rule before adding a new
> one.

This was fixed in the latest development release. I would run this release because it contains mostly bug fixes then the stable release.

28 Jun 2004 11:18 hulse_kevin

Re: NEW in 1.3.0
Nice tool. However, I have just one gripe.

Blockit creates multiple iptable entries. This can make the BLOCKIT chain much longer than it needs to be. The daemon really should check for a matching rule before adding a new one.

28 Feb 2003 14:01 lordvega

Re: NEW in 1.3.0

> I forgot to mention it but IPCHAINS,
> IPFW, and Checkpoint Firewall support
> were also added in the new 1.3.0
> Release.

I meant IPFWADM not IPFW. :)
