ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

active response script for nftables #2029

Closed ChristianBeer closed 2 years ago

ChristianBeer commented 2 years ago

Does the same as firewall-drop.sh and firewalld-drop.sh but for nftables (default in Debian 10+). Needs a few more steps to set up but does a very good job. Documentation should be updated, maybe to contain an example of the nftables configuration.

Tested on Debian 11 with IPv4 and IPv6 addresses.
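
An added illustration, not the script submitted in this PR: a minimal nftables active-response handler that follows the firewall-drop.sh argument convention (`$1` = add|delete, `$2` = user, `$3` = source IP), together with the ruleset it expects. The table name `inet ossec`, the set names `blocklist_v4`/`blocklist_v6`, the `OSSEC_NFT_TABLE`/`OSSEC_NFT_DRY_RUN` variables and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the script from this PR): a minimal OSSEC-style
# active-response handler for nftables, in the firewall-drop.sh argument
# convention: $1 = add|delete, $2 = user, $3 = source IP.
# Assumed names: table "inet ossec" with sets blocklist_v4 and blocklist_v6
# (created by the ruleset printed by nft_ruleset below); override the table
# with OSSEC_NFT_TABLE. Set OSSEC_NFT_DRY_RUN=1 to print instead of executing.

NFT=${NFT:-/usr/sbin/nft}
TABLE=${OSSEC_NFT_TABLE:-ossec}

# The nftables ruleset the handler expects; load it once with
#   nft_ruleset | nft -f -
nft_ruleset() {
    cat <<EOF
table inet $TABLE {
    set blocklist_v4 { type ipv4_addr; }
    set blocklist_v6 { type ipv6_addr; }
    chain input {
        type filter hook input priority -10; policy accept;
        ip saddr @blocklist_v4 drop
        ip6 saddr @blocklist_v6 drop
    }
}
EOF
}

# Pick the set that matches the address family. The address comes out of a
# parsed log line and this script runs as root, so anything that is not a
# plain IPv4/IPv6 literal is rejected (exit 1, nothing printed) rather than
# handed to nft.
ip_set_for() {
    case "$1" in
        *[!0-9.]*) ;;                               # not a bare dotted quad
        *.*.*.*)   echo blocklist_v4; return 0 ;;
    esac
    case "$1" in
        *:*)
            case "$1" in *[!0-9a-fA-F:.]*) return 1 ;; esac
            echo blocklist_v6; return 0 ;;
    esac
    return 1
}

# Render the exact nft invocation for an action so it can be logged or
# checked; returns 1 for a bad action or address.
nft_cmd_for() {
    set_name=$(ip_set_for "$2") || return 1
    case "$1" in
        add|delete) printf '%s %s element inet %s %s { %s }\n' \
                        "$NFT" "$1" "$TABLE" "$set_name" "$2" ;;
        *)          return 1 ;;
    esac
}

main() {
    cmd=$(nft_cmd_for "$1" "$3") || {
        echo "usage: $0 add|delete user ip" >&2
        return 1
    }
    if [ -n "$OSSEC_NFT_DRY_RUN" ]; then
        echo "$cmd"
    else
        # $cmd is built only from validated tokens, so word-splitting it is safe.
        $cmd
    fi
}

# Run as a script only when OSSEC (or a person) passes arguments; sourcing
# the file leaves the functions available for testing.
case $# in
    0) ;;
    *) main "$@" ;;
esac
```

In the firewall-drop.sh convention the same script is invoked again with `delete` when the active response's configured timeout expires, so the handler only ever adds or removes one element from a typed set; the chain and the drop rules stay in place. The strict address check matters because an attacker who controls the logged source field could otherwise smuggle extra tokens into a command run as root.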

atomicturtle commented 2 years ago

Thanks for the PR, this is great work!

ChristianBeer commented 2 years ago

@atomicturtle Thanks for including this in the 3.7.0 release. Don't forget to merge the documentation PR too, as this contains a useful config snippet.