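#!/bin/bash
#Copyright 2004 William Stearns
#Released under the GPL
#Automatically generated by Modwall, http://www.stearns.org/modwall/
#==== Iptables modules required ==== recent
#==== Brick specific help ====
#	Once the scrutinizesrc or scrutinizedst module has remembered an
#IP address in the recent "scrutinize" table, this module is responsible
#for logging all packets to or from that IP for the next two minutes.
#ulogd must be running in userspace to receive the packets and send them
#to a pcap file or sql database.  See
#http://www.stearns.org/doc/iptables-ulog.current.html for more info on
#how this is done.
#==== Operational notes ====
#	* The rules below are appended (-A), so a packet that an earlier rule
#	  in INPUT, FORWARD or OUTPUT has already accepted or dropped never
#	  reaches the scrutinize chain and is not logged.  Load this brick
#	  before any terminating rules if complete capture is required.
#	* --rcheck only tests the table; it does not refresh the entry, so the
#	  120 second window runs from the moment the address was last recorded
#	  (presumably by scrutinizesrc/scrutinizedst, which are not in this file).
#	* The recent module keeps a bounded number of addresses per table
#	  (module parameter ip_list_tot, default 100); on a busy host an address
#	  can be evicted before its two minutes are up.
#	* ULOG is a non-terminating target: matching packets are copied to
#	  userspace and then continue through the calling chain.  If ulogd is
#	  not running the copies are lost without any error from iptables.
#	* The ULOG target was removed from the Linux kernel in 3.17; on newer
#	  kernels the equivalent is the NFLOG target with ulogd2.
#	* "-N scrutinize" fails if the chain already exists and the -A lines
#	  then add duplicate rules, so flush and delete the chain before
#	  re-applying this script.

# Run iptables through sudo with the fixed absolute paths the generator
# emitted, so the binaries used do not depend on the caller's PATH.
ipt() {
  /usr/bin/sudo /sbin/iptables "$@"
}

# Dedicated chain holding the two logging rules.
ipt -N scrutinize

# Log any packet whose source address is in the "scrutinize" table and was
# recorded within the last 120 seconds.
ipt -A scrutinize -m recent --name scrutinize --rcheck --seconds 120 --rsource -j ULOG

# Same check against the destination address, to catch replies and other
# traffic sent to the scrutinized host.
ipt -A scrutinize -m recent --name scrutinize --rcheck --seconds 120 --rdest -j ULOG

# Hook the chain into all three built-in filter chains.  Loopback input is
# skipped.  The negation is written before the option ("! -i lo"); the older
# "-i ! lo" form is deprecated by current iptables releases.
ipt -A INPUT ! -i lo -j scrutinize
ipt -A FORWARD -j scrutinize
ipt -A OUTPUT -j scrutinize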