SourceFiles.org - Use the Source, Luke
Home | Register | News | Forums | Guide | MyLinks | Bookmark

Related Sites

Latest News
  General News
  Reviews
  Press Releases
  Software
  Hardware
  Security
  Tutorials
  Off Topic


Back to files
BlockIt 1.4.3a - May 10, 2006
COMMENTS: Added some logging for MySQL. It'll help me debug emails questions. Thanks to Alexander Garzon from PHP of Venezuela Foundation for a new rc.blockit2 file in contrib. Miguel Angel Flores added the "UseChain" parameter by default it'll be set to BLOCKIT but now thanks to him you can set it to which ever target chain/table e you wish.

-=MINOR=-

  1. rc.blockit2 added to contrib directory

-=MAJOR=-

  1. New config option: UseChain

***TODO***
Scheduled Release - 1.4.3
1) Add user defined external firewall script support.

Scheduled Release - 1.4.4
1) Add SIGHUP support for configuration options

Scheduled Release - 1.4.5
1) Add SYSLOG logging support

Scheduled Release - 1.4.6
1) Add -c option to specify alternate config directory

Scheduled Release - 1.4.7
1) Add threshold support for blocking

Scheduled Release - 1.4.8
1) Create external database program for people who don't use DBI.

Scheduled Release - 1.4.8-1.4.9
1) Create packages for fedora/debian/slackware/gentoo

Scheduled Release - 1.5.0
1) Native Cisco PIX Support

Scheduled Release - 1.6.0
1) Create Web FrontEnd to Administer BlockIt

Scheduled Release - 2.0
1) Monitor Snort MySQL databases for because who want Snort/ACID/BlockIt

Scheduled Release - Any One of These Releases 1) Add Better Documentation
2) Add ability to port block instead of full IP block

BlockIt 1.4.2 - October 13, 2005
COMMENTS: Frank Schmidt sent in a patch for 1.4.0rc2. This release is based on his patches merged into 1.4.1. Here are his comments.

<--BEGIN-->
* bugfixes. Eg. fixes for parsing of snort, SSH and syslog ranging over more than one line etc.

  • new config option: FirewallTemporaryTarget (only implemented for iptables/ipchains. Tested with iptables since that's what I use) The option allows you to set a firewall target for temporary blocks. Ie, you may want to continue logging to further increase the host penalty if the host still tries to connect after being blocked (a human will give up). Thus a host may become permanently blocked for persisting in "minimum attacks". You don't know if it's an attack, but a host should respect being blocked. :-> This makes the syslog-parsing more effective for ruling out mindless scanners. Without this option, scanners will simply be blocked/unblocked repeatedly and not penaltized enough.

    Because of the limited database, the code rewrite attempts more firewall-blocks/unblocks since the daemon doesn't know the current state of the firewall. However, this also let's BlockIt fix errors in synchronisation between the database and firewall, and I believe the cost is negible. A better database for blocked hosts would fix this in the future.

  • new config option: FirewallPermanentTarget (only implemented for iptables/ipchains. Tested with iptables since that's what I use) Lets you set the permanent firewall rule. This time around, logging everything for those hosts who are permanently blocked may open you up for DOS, so I just set DROP or DENY here as default.. As a bonus, firewall-logging is reduced.
  • New lines for SSH-logs. You might review some of the SSH penalties. I may be too harsh on people not attempting a login when they connect setting it to medium priority.

The penalties and config-file is tuned to my own site, which has to have some leeway for people writing false passwords and whatnot. However, it might not suit another site.

I've also made a quick'n dirty cron-job to watch the intruders alert-log (check_blockit_log.pl). If somebody has been blocked more than eg. 5 times, they're permanently blocked. With logrotation every month, I think that's acceptable at my site. It stops certain low-profile attackers that can be stopped this way. The script depends on a new line being logged to the intruders-logfile. It can be improved in many ways, as you will see from the sourcecode ;-) Or it could be included in the main daemon along with a more detailed database. The last way would be best since logrotation will mess up the logs eg. every month or so.

The blockit.ignore file contains some IP-segments that may be wise to block as a default. Eg. my Linksys router uses 195.75.75.75 for something snort didn't like, and got blocked as a result, shutting down internet access while I was on vacation ;) I'm sure there are more special network addresses to check for, but I don't know them.

You may do with the code as you see fit, and I hope for it to be included in the main trunk in the best way you see fit :-) <--END-->

-=MINOR=-

  1. rc.blockit added to contrib directory.

-=MAJOR=-

  1. New config option: FirewallTemporaryTarget
  2. New config option: FirewallPermanentTarget
  3. check_blockit_log.pl - in contrib directory for permanete blocking

-=BUG=-

  1. Fixes for parsing of snort, SSH and syslog ranging over more than one line etc.

***TODO***
Scheduled Release - 1.4.3
1) Add user defined external firewall script support.

Scheduled Release - 1.4.4
1) Add SIGHUP support for configuration options

Scheduled Release - 1.4.5
1) Add SYSLOG logging support

Scheduled Release - 1.4.6
1) Add -c option to specify alternate config directory

Scheduled Release - 1.4.7
1) Add threshold support for blocking

Scheduled Release - 1.4.8
1) Create external database program for people who don't use DBI.

Scheduled Release - 1.4.8-1.4.9
1) Create packages for fedora/debian/slackware/gentoo

Scheduled Release - 1.5.0
1) Native Cisco PIX Support

Scheduled Release - 1.6.0
1) Create Web FrontEnd to Administer BlockIt

Scheduled Release - 2.0
1) Monitor Snort MySQL databases for because who want Snort/ACID/BlockIt

Scheduled Release - Any One of These Releases 1) Add Better Documentation
2) Add ability to port block instead of full IP block

BlockIt 1.4.1 - June 28, 2005
COMMENTS: Added another SSH Bad login check for invalid users. Changed minimum firewall time from 60 to 1. Added log entry when intruder minutes is less then minimum firewall time. Thanks to Emi Garcia for QAing this release.

***Added a Forum for BlockIt support http://www.teknofx.com/forum

-=MINOR=-

  1. Added invalid users check for ssh logins
  2. Changed default config value for minfirewalltime
  3. Added log entry for = intruder block time < minimum firewall time

-=BUG=-

  1. non-PAM SSHD Bad Login support was only looking for root user

***TODO***
Scheduled Release - 1.4.2
1) Add user defined external firewall script support.

Scheduled Release - 1.4.3
1) Add SIGHUP support for configuration options

Scheduled Release - 1.4.4
1) Add SYSLOG logging support

Scheduled Release - 1.4.5
1) Add -c option to specify alternate config directory

Scheduled Release - 1.4.6
1) Add threshold support for blocking

Scheduled Release - 1.4.7
1) Create external database program for people who don't use DBI.

Scheduled Release - 1.4.8-1.4.9
1) Create packages for fedora/debian/slackware/gentoo

Scheduled Release - 1.5.0
1) Native Cisco PIX Support

Scheduled Release - 1.6.0
1) Create Web FrontEnd to Administer BlockIt

Scheduled Release - 2.0
1) Monitor Snort MySQL databases for because who want Snort/ACID/BlockIt

Scheduled Release - Any One of These Releases 1) Add Better Documentation
2) Add ability to port block instead of full IP block

BlockIt 1.4.0 - June 25, 2005
COMMENTS: Changes since 1.3.2 Stable Release:

=MINOR=

  1. Tested against Perl 5.8.7
  2. Tested against Snort 2.3.3
  3. Added triggering alert line logging to log and e-mail
  4. Added amount of minutes blocked to e-mail log

=MAJOR=

  1. Added IPFW Support
  2. Added IPFILTER Support
  3. Added Snort SigID Whitelist Support
  4. Bad SSH Login Support via syslog
  5. 50% Code re-write
  6. Added PF Support

=BUGS=

  1. Unable to Stop server or use any command
  2. Create blockit.intruders file if didn't exist
  3. Comment out module imports
  4. Minute Processing wasn't working. Blocked IPs stayed infinite.
  5. Build Hash Functions - changed chop to s/\s+$// for all file configurations.

=THANKS=

  1. Raj Wurttemberg -- Made BlockIT stable with his QA ninja skillz
  2. Rachim Tamsjadi -- Multiple bug fixes/features since 1.3.2 stable release
  3. Frank Schmidt -- Patched the hell out of it and added really nice features
  4. Carlo Benna -- Fixed final bugs in 1.4.0rc releases
  5. Emi Garcia -- SSH Login Feature and QA

***TODO***
Scheduled Release - 1.4.1
1) Add Wiki/Mailing List/Online Release Notes/Forum <- One or more of theses.

Scheduled Release - 1.4.2
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.4.3
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.4.4
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.5.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.4.0rc3 - June 22, 2005
COMMENTS: Fixed crash in sub write_intruders_email and sub rules. Thanks to Carlo Benna for the patch.

***TODO***
Scheduled Release - 1.4.0
1) Check all 1.3.2b - 1.3.2f code.
2) Test 1.4.0rc3
3) Finish OpenBSD - pf support

Scheduled Release - 1.4.1
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.4.2
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.4.3
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.5.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.4.0rc2 - October 27, 2004
COMMENTS: Fixed script - it wouldn't catch any vulnerabilities. Added bad SSH Login Support.

***TODO***
Scheduled Release - 1.4.0
1) Check all 1.3.2b - 1.3.2f code.
2) Test 1.4.0rc2
3) Finish OpenBSD - pf support

Scheduled Release - 1.4.1
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.4.2
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.4.3
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.5.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.4.0rc1 - August 25, 2004
COMMENTS: About 50% of code has been re-written by Frank Schmidt. Note Frank made changes against 1.3.2b. I tried to merge all changes between 1.3.2b - 1.3.2f into this release. Below are Frank's comments.

*) Improved code and bugfixes here and there, you'll see it using your favourite diff-tool
*) Option "Interface" to include all network interfaces *) Option "HostIPAddr" and "GatewayAddr" (new) to autodetect IP-address and gateway
*) Option "SyslogFile" to scan syslog or a specific firewall-log. This works great and fast, you can start blocking hosts from the first firewall-log entry, instead of relying on/waiting for snort! A side-effect feature of the blockit-block, at least on my firewall rules, is that blocked hosts doesn't get logged at all, leaving it up to snort to detect further violations using the promiscous network sniffing. This can be good against DOS-attacks and for keeping log-files small. *) You don't really need to run snort at all, but then you will never get permanent or very long blocks unless you block everything that way. The syslog gives a nice way to perform short blocks, while snort gives a nice way to detect violations that deserve longer blocks or permanent bans. I think they complement eachother perfectly. *) Option "IgnoreEstablishedConnections" to automatically include established connections to the internal ignore-list so you won't block hosts you deal with.
*) Option "FilterTargets" to chose wether we should filter attacks only against known hosts, or filter ALL attacks regardless of destination *) Option "ExtraIgnoreFilter" is a regexp filter for filtering out uninteresting lines in firewall-log/syslog. Eg. I have an entry for ignoring NetBIOS ports since Windows-machines use this all the time and I don't want to auto-block my own Windows machines... Bug: The regexp gets really limited by the way the config-file is read into perl.. You can't use = or spaces, but it works by using . as replacement for the equal-sign.
*) Option "AccumulativeTiming" makes violations accumulative, so the times will add up the more attacks a host performs. Works great with the "SyslogFile" option until the host gets blocked, then snort will take it from there since blocked hosts don't get logged (at least in my firewall rules).
*) Option "MinFirewallTime" specifies minimum time before we start blocking that IP. It makes the blocking more flexible, so we tolerate a little more before adding rules to the firewall. It will also prevent adding and removing rules all the time by putting a minimum time on rules, so we can tweak more by using lower penalty-times. *) Option "MaxFirewallTime" is the time for a permanent ban. *) The permanent ban "time" have been changed from 0 to negative, ie. -1. 0 is now ignored and deleted.
*) More command-line options for running blockit as a daemon. Possibility to restart blockit and more.
*) Improved list and help

***TODO***
Scheduled Release - 1.4.0
1) Check all 1.3.2b - 1.3.2f code.
2) Test 1.4.0rc1
3) Finish OpenBSD - pf support

Scheduled Release - 1.4.1
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.4.2
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.4.3
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.5.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.3.2f - July 13, 2004
COMMENTS: Fixed bug in build hash functions.

=BUG=

  1. Build Hash Functions - changed chop to s/\s+$// for all file configurations.

***TODO***
Scheduled Release - 1.3.3
1) IPFW Support - Done

Scheduled Release - 1.3.4
1) IPFilter Support - Done

Scheduled Release - 1.3.5
1) SigID Whitelist Support - Done

Scheduled Release - 1.3.6
1) OpenBSD - pf support

Scheduled Release - 1.3.7
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.3.8
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.3.9
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.3.2e - July 11, 2004
COMMENTS: Added IPFW and IPFILTER Support. Added Snort SigID whitelist support. Added more information to e-mail logging including the triggering alert line and number of minutes the IP will be blocked for. Added triggering alert line to normal log. Tested against Snort 2.1.3.

=MINOR=

  1. Tested against Perl 5.8.4
  2. Tested against Snort 2.1.3
  3. Added triggering alert line logging to log and e-mail - Rachim Tamsjadi
  4. Added amount of minutes blocked to e-mail log - Rachim Tamsjadi

=MAJOR=

  1. Added IPFW Support
  2. Added IPFilter Support
  3. Added SigID Whitelist Support - Rachim Tamsjadi

***TODO***
Scheduled Release - 1.3.3
1) IPFW Support - Done

Scheduled Release - 1.3.4
1) IPFilter Support - Done

Scheduled Release - 1.3.5
1) SigID Whitelist Support - Done

Scheduled Release - 1.3.6
1) OpenBSD - pf support

Scheduled Release - 1.3.7
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.3.8
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.3.9
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.3.2d - July 08, 2004
COMMENTS: Fixed major bug in minute processing. Thanks to Rachim Tamsjadi for pointing this out.

=BUG=

  1. Minute Processing wasn't working. Blocked IPs stayed infinite.

***TODO***
Scheduled Release - 1.3.3
1) IPFW Support

Scheduled Release - 1.3.4
1) OpenBSD - pf support

Scheduled Release - 1.3.5
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.3.6
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.3.7
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.3.2c - July 07, 2004
COMMENTS: Fixed bug were importing of modules didn't work in source version

=BUG=

  1. Comment out module imports in source version

***TODO***
Scheduled Release - 1.3.3
1) IPFW Support

Scheduled Release - 1.3.4
1) OpenBSD - pf support

Scheduled Release - 1.3.5
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.3.6
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.3.7
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.3.2b - October 09, 2003
COMMENTS: Fixed bug were if blockit.intruders didn't exist the script would create it for you.

=BUG=

  1. Create blockit.intruders file if didn't exist

***TODO***
Scheduled Release - 1.3.3
1) IPFW Support

Scheduled Release - 1.3.4
1) OpenBSD - pf support

Scheduled Release - 1.3.5
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.3.6
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.3.7
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.3.2a - October 09, 2003
COMMENTS: Fixed a realy dumb bug during the pid file checking. It was not letting you stop the server.

Note to self --- When comparing strings at 1AM please remember to use "eq" not "=="

=BUG=

  1. Unable to Stop server or use any command

***TODO***
Scheduled Release - 1.3.3
1) IPFW Support

Scheduled Release - 1.3.4
1) OpenBSD - pf support

Scheduled Release - 1.3.5
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.3.6
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.3.7
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.3.2 - October 09, 2003
COMMENTS: Tests for Snort 2.0.2 we're successful. Changes since 1.3.0 Stable Release:

=MINOR=

  1. Changed configuration option "e-Mail" to "email"
  2. Changed configuration option "to" to "toemail"
  3. Changed configuration option "from" to "fromemail"
  4. Tested against Perl 5.8.1
  5. Tested against Snort 2.0.2

=MAJOR=

  1. Major Code Cleanup
  2. Faster configuration file parsing. All config vars are now stored in hash.

=BUGS=

  1. Fixed Install Script Bug
  2. Fixed Main Agent Array Bug
  3. Routine for checking of database hash for existing ips is now fixed.
  4. Fixed PID File checking when forking.

***TODO***
Scheduled Release - 1.3.3
1) IPFW Support

Scheduled Release - 1.3.4
1) OpenBSD - pf support

Scheduled Release - 1.3.5
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.3.6
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.3.7
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.3.0d - October 07, 2003
COMMENTS: Tests for Snort 2.0.2 we're successful. Routine for checking of database hash for existing ips was incorrect.

***TODO***
Scheduled Release - 1.3.1
1) Fix pid checking when forking

Scheduled Release - 1.3.2
1) Faster configuration file parsing

Scheduled Release - 1.3.3
1) IPFW Support

Scheduled Release - 1.3.4
1) OpenBSD - pf support

Scheduled Release - 1.3.5
1) Add User Defined External Firewall Script Support.

Scheduled Release - 1.3.6
1) Add SIGHUP Support for configuration options

Scheduled Release - 1.3.7
1) Add Ability to Port Block Instead of Full IP Block

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

Scheduled Release - Any One of These Releases 1) Add Better Documentation

BlockIt 1.3.0c - October 07, 2003
COMMENTS: Tests for Perl 5.8.1 we're successful. Changed 3 configuration options: "e-Mail" is now "email", "to" is now "toemail", "from" is now "fromemail". Renamed variables to same name as configuration option names.

***TODO***
Scheduled Release - 1.3.1
1) Snort 2.0 Testing

Scheduled Release - 1.3.2
1) Faster configuration file parsing

Scheduled Release - 1.3.5
1) IPFW Support

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

BlockIt 1.3.0b - October 06, 2003
COMMENTS: Public Development Release - Should be faster then before. I’m going to finish testing with Perl 5.8.1 before releasing 1.3.1. It's been awhile since a new release. I plan on testing Snort 2.0 before 1.3.1 as well. Although I'm pretty sure it works.

***TODO***
Scheduled Release - 1.3.1
1) Perl 5.8.1 Testing
2) Snort 2.0 Testing
3) Major Code Cleanup

Scheduled Release - 1.3.2
1) Faster configuration file parsing

Scheduled Release - 1.3.5
1) IPFW Support

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

BlockIt 1.3.0a - March 11, 2003
COMMENTS: Minor Bug Fixes. Made some internal changes.. I fired myself then decided to re-hire myself. :)This release was not public. Only available if asked for a fix.

=BUGS=

  1. Fixed Install Script Bug
  2. Fixed Main Agent Array Bug

***TODO***
Scheduled Release - 1.3.1
1) Major Code Cleanup

Scheduled Release - 1.3.2
1) Faster config file parsing

Scheduled Release - 1.3.5
1) IPFW Support

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

BlockIt 1.3.0 - February 28, 2003
COMMENTS: I released the source! I released the source in this version mainly because of the option to choose a firewall type. I will remain packaging the binary but have started to use GLIBC 2.1.3 instead of GLIBC 2.3.1. And last but not least this is the historic Snort Priority Support Version :)

=MINOR=

  1. Changed GLIBC Version for binary.

=MAJOR=

  1. Added Snort Priority Support!
  2. Added Time Option to Insert Command. "blockit insert <ip> <time>"
  3. Added IPChains Support.
  4. Added IPFWADM Support.
  5. Added Checkpoint Firewall Support.

=BUGS=

  1. Fixed bug in MySQL Database Routine.

***TODO***
Scheduled Release - 1.3.1
1) Major Code Cleanup

Scheduled Release - 1.3.2
2) Faster config file parsing

Scheduled Release - 1.3.5
1) IPFW Support

Scheduled Release - 1.4.0
1) Native Cisco PIX Support

BlockIt 1.2.8 - January 8, 2003
COMMENTS: Just a few add-ons nothing special in this release. Except for the Timing Support!!!! I needed to add Rule Timing Support for the 1.2.9 Release :p

=MINOR=

  1. Usage and Help Data from command line. Run "blockit help"
  2. Add Signal Capturing Functions i.e. QUIT, TERM

=MAJOR=

  1. Add Timing Support on BlockIt Rules. New DTime Variable in blockit.conf. Lets you specify amount of time to keep a rule for.

=BUGS=

  1. Log Rotation Code - It will now re-open snort file if snort file gets smaller.
  2. Install Script: Script wasn't creating /var/log/blockit/intruders file THANKS TO - Raj Wurttemberg

***TODO***
Scheduled Release - 1.2.9
1) Add Snort Priority Code Support
2) Add Time Option in Insert Command :)

Scheduled Release - 1.3.0
1) Add Built in IPChains Support
2) Add Built in Checkpoint Firewall Support 3) Add Built in IPFWADM Support

BlockIt 1.2.6 - January 3, 2003
COMMENTS: One of the Major Changes in this release is the switch to DBM Files on the Intruder File. This allows me to have remove, insert, and list commands. I'll probably have to change the DBM Format in a later release. Currently in the $BLOCKIT\contrib folder your find the dbmconvert utility to convert your old Intruder File to the New File

=MINOR=

  1. More Code Cleanup <- Always a Plus

=MAJOR=

  1. Added Remove Command. You can now run "blockit remove <ip address>" To remove an IP Address
  2. Added Insert Command. You can now run "blockit insert <ip address>" To add an IP Address
  3. Added List Command. You can now run "blockit list" To list all Intruders
  4. Converted Intruder File to DBM File. The only way know to display intruders is by using the list command

=BUGS=

  1. Install Script: Script was creating the directories and links incorrectly THANKS TO - Raj Wurttemberg

***TODO***
Scheduled Release - 1.2.7
1) Add Usage and Help Data from command line <- Moved this up a couple of releases
2) Add Signal Capturing Functions i.e. HUP, TERM

Scheduled Release - 1.2.8
1) Add Log Rotation Code
2) Add Timing Support on BlockIt Rules <- Moved this up a couple of releases

Scheduled Release - 1.2.9
1) Add Snort Priority Code Support

Scheduled Release - 1.3.0
1) Add Built in IPChains Support
2) Add Built in Checkpoint Firewall Support 3) Add Built in IPFWADM Support

BlockIt 1.2.5 - December 31, 2002
COMMENTS: Well after a whole lot of caffeine and allot of time on my hands. I decided to code through release 1.2.5 and made some progress on some other ideas towards the 1.3.0 release. So without further ado here's the BlockIt New Years Eve Release

=MINOR=

  1. Reconfigured blockit.conf file to "variable = value" format
  2. Added option whether or not to use blockit.intruders file at startup
  3. Added Gateway Variable and took out HostGatewayByte Variable Less Confusing
  4. Added blockit.pid file
  5. Redid Install Script. It now asks you for the Install Directory
  6. Redid Install Script. It will now configure the BlockIt MySQL Database for you
  7. Code Cleanup <- Always a Plus

=MAJOR=

  1. Added Mail Logging Support. You can now receive emails when IPTABLES Rules are put up
  2. Added Stop Mechanism. You can now issue the command "blockit stop "
  3. Added more Documentation and Explanation in blockit.conf <- This has been asked since version 0.9

=BUGS=

  1. Scan through TARGET HASH to check if source already exists before adding another Rule

***TODO***
Scheduled Release - 1.2.6
1) Add Remove Command
2) Add List Command
3) Add Insert Command

Scheduled Release - 1.2.7
1) Add Usage and Help Data from command line <- Moved this up a couple of releases
2) Add Signal Capturing Functions i.e. HUP, TERM

Scheduled Release - 1.2.8
1) Add Log Rotation Code
2) Add Timing Support on BlockIt Rules <- Moved this up a couple of releases

Scheduled Release - 1.2.9
1) Add Snort Priority Code Support

Scheduled Release - 1.3.0
1) Add Built in IPChains Support
2) Add Built in Checkpoint Firewall Support 3) Add Built in IPFWADM Support

BlockIt 1.2.0 - December 23, 2002
Changes - 1.2.0

Converted BlockIt to Binary
Embedded DBI and DBD::mysql Modules
Added Install Script

***TODO***
Scheduled Release - 1.2.1
1) Reconfigure conf file to have "variable = value" 2) Add option whether or not to use blockit.intruders file on startup 3) Add Gateway Variable and take out HostGatewayByte Variable

Scheduled Release - 1.2.2
1) Add Mail Support
2) Add Stop Mechanism

Scheduled Release - 1.2.3
1) Scan through TARGET ARRAY to see if source already exists before adding another Rule
2) Add Whitelist Support

Scheduled Release - 1.2.4
1) Redo Install Script -- Ask For Install Directory 1) Have Install Script configure MySql Support

Scheduled Release - 1.2.5
1) More Documentation on blockit.conf

Scheduled Release - 1.3.0
1) Add Timing Support on BlockIt Rules
2) Add Usage and Help Data
3) Convert BlockIt to Cookie Cut Firewall Script - IPFW, IPCHAINS, IPTABLES, Cisco, etc

BlockIt 1.1.1 - October 23, 2002
CHANGED BLOCKIT TO HAVE ITS OWN IPTABLES CHAIN

***TODO***

  1. Add Better Documentation
  2. Add IPChains Support sigh Don't Really Want to but, I've been getting emails.
  3. Add OpenBSD Support
  4. Add Ability to Port Block Instead of Full IP Block
  5. Add SIGHUP Support
  6. Add Email Logging Support
    BlockIt 1.1.0 - October 21, 2002
    Added Faster Portscan Detection

***TODO***

  1. Add Better Documentation
  2. Add IPChains Support sigh Don't Really Want to but, I've been getting emails.
  3. Add OpenBSD Support
  4. Add Ability to Port Block Instead of Full IP Block
  5. Add SIGHUP Support
    BlockIt 1.0.2 - October 18, 2002
    Code Cleanup

***TODO***

  1. Add Better Documentation
  2. Add IPChains Support sigh Don't Really Want to but, I've been getting emails.
  3. Add OpenBSD Support
  4. Add Ability to Port Block Instead of Full IP Block
  5. Add SIGHUP Support
  6. Add Faster Portscan Detection
    BlockIt 1.0.1 - October 17, 2002
    FIXED DBI Module loading process

***TODO***

  1. Add Better Documentation
  2. Add IPChains Support sigh Don't Really Want to but, I've been getting emails.
  3. Add OpenBSD Support
  4. Add Ability to Port Block Instead of Full IP Block
    BlockIt 1.0.0 - October 16, 2002
    Added MySQL Logging Support

***TODO***

  1. Add Better Documentation
  2. Add IPChains Support sigh Don't Really Want to but, I've been getting emails.
  3. Add OpenBSD Support
  4. Add Ability to Port Block Instead of Full IP Block
    BlockIt 0.9.1 - September 2, 2001
    Added CIDR Support for Ignore File

***TODO***

  1. Add Better Documentation
  2. Add IPChains Support sigh Don't Really Want to but, I've been getting emails.
  3. Add OpenBSD Support
  4. Add Ability to Port Block Instead of Full IP Block.
  5. Add MySQL Logging Support
    BlockIt - 0.9 - August 26, 2001
    First Official Release.

***TODO***

  1. Add CIDR Support for Ignore File
  2. Add Better Documentation
  3. Add IPChains Support sigh Don't Really Want to but, I've been getting emails.
  4. Add OpenBSD Support
  5. Add Ability to Port Block Instead of Full IP Block.
  6. Add MySQL Logging Support


Other Sites

Discussion Groups
  Beginners
  Distributions
  Networking / Security
  Software
  PDAs

About | FAQ | Privacy | Awards | Contact
Comments to the webmaster are welcome.
Copyright 2006 Sourcefiles.org All rights reserved.