#!/bin/bash
#Copyright 2004 William Stearns <wstearns@pobox.com>
#Released under the GPL
#Automatically generated by Modwall, http://www.stearns.org/modwall/

#Note that this module depends on system specific configuration
#so your output will differ.

#==== Brick specific help ====
#	The canarydst module looks at traffic going to closed ports and unused
#machines - canaries.  The assumption is that if someone goes to a closed
#port/machine, they are probably going after a real machine next - we
#will catch them and block them for 30 seconds so they cannot get to the
#real machine either.
#	Experimental.

/usr/bin/sudo /sbin/iptables -N canarydst
/usr/bin/sudo /sbin/iptables -A INPUT -i ! lo -j canarydst
/usr/bin/sudo /sbin/iptables -A FORWARD -j canarydst