Detection of incoming SMTP connections..iptables question ?
Hello,

I am seeking a solution to the following. I use an iptables based firewall which works more or less... I am trying to find a way of detecting that *no* incoming SMTP connection has occurred for a certain period .. say 5 minutes. I need a program to take a certain action if this occurs, so it has to be magical. I can interrogate the logs of course, but I wonder if any wizard out there has a neater solution.

Thanks
--
Regards
Cliff

On Wednesday 03 October 2001 16:48, you wrote:
> Hello, I am seeking a solution to the following. I use an iptables based firewall which works more or less... I am trying to find a way of detecting that *no* incoming SMTP connection has occurred for a certain period .. say 5 minutes. I need a program to take a certain action if this occurs, so it has to be magical. I can interrogate the logs of course, but I wonder if any wizard out there has a neater solution.

Write your own rule for the SMTP port which does a -j smtpchain. Add a chain for smtp which does nothing (iptables -N smtpchain ; iptables -A smtpchain). Then, write a small script in your preferred language (bash, perl, ...) which calls

    iptables -L smtpchain -n -v -Z

and checks the packet/byte counter for the first (only) rule in this chain. If there was no connection, the counters should be at zero. They get reset to zero using option -Z.

If you would like to know if a connection to the smtp port was actually _established_, play around with

    iptables -A INPUT -p tcp --dport 25 -m state --state ESTABLISHED -j smtpchain

so that smtpchain only counts packets for established connections. For the script, play around with something like

    while true ; do
        test $(iptables -L smtpchain -n -v -Z | tail -1 | gawk '{ print $1 }') -gt 0 \
            || echo "Alarm"
        sleep 300
    done

Wolly
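
The counter-chain approach from the reply above, written out as an added example (not code from the original thread). It reads exact counters with -x and reports unreadable counters separately from an idle period; the helper names `rule_packets`, `smtp_idle`, `monitor` and the `--run` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed setup (run once, as root):
#   iptables -N smtpchain
#   iptables -A smtpchain                           # no target: only counts
#   iptables -I INPUT -p tcp --dport 25 -j smtpchain
CHAIN=smtpchain     # chain name used in the post
INTERVAL=300        # seconds; the 5 minutes from the question

# Print the packet counter of the first rule in an `iptables -L -n -v -x`
# listing read from stdin. The "Chain ..." line, the column header and the
# "Zeroing chain" message that -v -Z may print are skipped because their
# first field is not a number. Exit status 1 if no rule line is found.
rule_packets() {
    awk '$1 ~ /^[0-9]+$/ { print $1; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Listing on stdin -> 0: idle (zero packets), 1: traffic seen,
# 2: counters unreadable (chain missing, iptables failed, not root).
smtp_idle() {
    pkts=$(rule_packets) || return 2
    [ "$pkts" -eq 0 ]
}

monitor() {
    iptables -Z "$CHAIN" || return 2      # start from a clean window
    while sleep "$INTERVAL"; do
        status=0
        # -x prints exact counters (no K/M suffixes); -Z zeroes after listing.
        iptables -L "$CHAIN" -n -v -x -Z | smtp_idle || status=$?
        case $status in
            0) echo "Alarm: no SMTP packets in the last ${INTERVAL}s" ;;
            1) ;;
            *) echo "Error: cannot read counters for $CHAIN" >&2 ;;
        esac
    done
}

# Hypothetical switch: the loop only starts when called with --run.
if [ "${1:-}" = "--run" ]; then monitor; fi
```

Replace the `echo "Alarm..."` line with whatever action should run when the interval passes without SMTP traffic.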

participants (2)
- Cliff Sarginson
- Wolly