From 8ec58baa9626245d63af16917365a9922e6008d0 Mon Sep 17 00:00:00 2001 From: Arjen Baart Date: Fri, 16 Nov 2012 17:45:59 +0100 Subject: [PATCH] Changed the instructions for creating a firewall with Gnucomo. --- doc/manual.xml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/doc/manual.xml b/doc/manual.xml index 133eb68..d10dc50 100644 --- a/doc/manual.xml +++ b/doc/manual.xml @@ -671,7 +671,22 @@ in the Objects page. The most useful application of the abuse list is to maintain a firewall and block all IP addresses that have the 'dropped' status. -A short shell script will do this job: +To do this automatically, you need to provide access to the database from +a script that is probably run by root. +A special user 'firewall' that can only read the abuse list can be created +with the following SQL commands: + + +CREATE USER firewall WITH PASSWORD 'secret'; +GRANT SELECT ON object_abuse TO firewall; + + +When the Gnucomo database runs on a different system than the one +on which the firewall is maintained, the database server needs to +provide access from external systems. This implies setting up the +PostgreSQL configuration and firewall rules. +The following script then augments the firewall with the information +from the Gnucomo abuse list: #!/bin/sh @@ -679,7 +694,8 @@ A short shell script will do this job: # Create a firewall script from the gnucomo abuses table # -psql -h samos -t gnucomo arjen -c "select source from object_abuse +psql "sslmode=require host=server.gnucomno.org dbname=gnucomo user=firewall password=secret" + -c "select source from object_abuse where status='dropped' and objectid=$1"|grep -v '^$'>/tmp/gnucomo-abuses while read ADDRESS -- 2.11.0
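Review bot: In the first hunk (@@ -671,7 +671,22 @@), the sentence "This implies setting up the PostgreSQL configuration and firewall rules" is too vague for a step that exposes the database to the network. Since the script below connects with sslmode=require as user firewall, the manual should say that remote access ought to be limited to that user, the gnucomo database and the firewall host's address, for example with a hostssl entry in pg_hba.conf. The example also uses PASSWORD 'secret', and the same value appears in the script. A short remark that this is a placeholder to be replaced would keep readers from copying it verbatim.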
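Review bot: In the second hunk (@@ -679,7 +694,8), the new psql command is split over two lines, but the first line ends at password=secret" with no trailing backslash. sh will therefore run psql without a query and then try to execute -c as a separate command. Either join the two lines or end the first with a backslash. The old command also passed -t, which the new one drops. Without it, the column header and the row-count footer end up in /tmp/gnucomo-abuses, because grep -v '^$' removes only empty lines, and the while read ADDRESS loop will then see them as addresses. Two smaller points on the same line: the host is spelled server.gnucomno.org, which looks like a typo for gnucomo, and putting password=secret in the connection string exposes it in the process list of a script that the manual says is probably run by root. A ~/.pgpass file readable only by that user would avoid this.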