Ipfreeze is a program that listens to the netlink device. It takes the source address from every incoming packet and adds it to a Netfilter "blacklist" chain. The address is removed from this chain after a user-definable period of time. This allows you to create rules that detect and halt certain odd behaviors, such as ports scans, syn floods, or connection attempts on forbidden ports.
This iptables script manage the rules insertion in the running kernel and launches ipfreeze.pl. This perl script listens on the netlink device for packets that are passed by the firewall (QUEUE target). If a packet is sent, ipfreeze get the source IP and insert a new rule in the firewall that will destroy every packets coming from that IP. This rule is automatically removed after the user defines a period (usually 10 or 20min).
Theses iptables scripts are inteded to be used on gnu/linux systems that are always connected to the internet or to protect small simple networks. I started to write this for my personnal purposes. I do not pretend it will give you maximum security but I have been using it from more that one year and I am very happy with it.
Product's homepage
Here are some key features of "ipfreeze":
· Protection from floods (like syn or ping floods)
· basic anti-nmap ports detection
· whitelist and permanent blacklist
· forbidden ports (why should someone connect to the telnet port of a firewall mmmh ?)
· Masquerading and dNAT to share your internet access.
Find us on Google+
