A fail2ban lite. IPQ BDB is a netfilter userspace daemon that blocks or marks IP packets handed to it by iptables rules with a -j NFQUEUE target, consulting a Berkeley DB of bad IPv4 addresses. A log parser and a banning utility add entries to the database. An address has to be caught a configurable number of times before it is blocked. Transitions between blocked and unblocked are faded using probabilities rather than switched abruptly. A halving period governs how quickly an address is rehabilitated.
Tags: Linux, iptables, Database, Networking, Security, firewall, netfilter_queues, Netfilter
Release Notes: This maintenance release verifies that the code builds against Berkeley DB 5.x and adds a few minor enhancements.
Release Notes: There is a new option, --exec-connkill (-e for short), in ibd-ban and ibd-parse. When it is given and an updated address reaches 100% block probability, an external command is invoked. The command is configured in a new configuration file and is expected to kill any established connection from that address; "conntrack -D" appears to work well, since once the conntrack entry is gone the stateful firewall detects the now-extraneous packets on its own. New options for ibd-judge set the nfnetlink socket buffer size, ENOBUFS error notification, and each queue's maximum length. Various fixes.