QV n00b
Joined: 13 Feb 2004 Posts: 54
Posted: Sun Apr 04, 2004 12:11 am Post subject: Looking for a script to help me with my firewall
I can't seem to get string matching in iptables to work, and there's no option for it in the kernel.
But I need some way to filter out attacks on my web server...not because I'm vulnerable (Apache rocks), but because it clutters up my access_log and all the 404s probably eat into my bandwidth, so I figured I'd ask if anyone has a script like this:
It would run as root (duh), grep all files in /etc/apache2/logs for certain strings (specified in an external config file, most likely just a newline-delimited text file), take the IP addresses associated with each occurrence of a GET request that includes those strings, and add a rule to iptables to drop all packets from that IP regardless of anything else. It would also check against existing iptables rules to make sure no IP is blocked twice. It would mostly be used in cron jobs--cron.hourly looks like a nice place, since I'm constantly flooded by these attacks from so many different IPs.
Banned strings, by the way, would be things like default.ida, root.exe, cmd.exe, and nsiislog.dll
I've no idea if a script like that even exists--I'm just hoping it does and someone would point me to it.
Thanks for reading this.
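
A sketch of the script described in the post above, as an added example that is not part of either post. It assumes Apache's common/combined log format and the rule format printed by `iptables -S INPUT`; the log lines, rule listing and `allowlist` parameter are constructed for illustration.

```python
import ipaddress
import re

# Common/combined log format: client address first, then the quoted request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "GET (\S+)')
# Shape of this script's own rules as printed by `iptables -S INPUT`.
RULE_RE = re.compile(r'^-A INPUT -s (\S+) -j DROP$')
BANNED = ["default.ida", "root.exe", "cmd.exe", "nsiislog.dll"]  # strings named in the post
# Constructed sample input (documentation address ranges), not real log data.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Apr/2004:00:01:02 +0000] "GET /default.ida?XXXX HTTP/1.0" 404 205',
    '198.51.100.7 - - [04/Apr/2004:00:01:09 +0000] "GET /scripts/root.exe HTTP/1.0" 404 210',
    '203.0.113.5 - - [04/Apr/2004:00:02:00 +0000] "GET /index.html HTTP/1.1" 200 1043',
    'host.example - - [04/Apr/2004:00:03:00 +0000] "GET /cmd.exe HTTP/1.0" 404 200',
]
SAMPLE_RULES = "-P INPUT ACCEPT\n-A INPUT -s 198.51.100.7/32 -j DROP\n"

def offending_ips(log_lines, banned):
    """Return the set of client IPs whose GET path contains a banned string."""
    needles = [b.strip().lower() for b in banned if b.strip()]
    hits = set()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not any(n in m.group(2).lower() for n in needles):
            continue
        try:
            # Log text is attacker-influenced: only a literal IPv4 address may reach iptables.
            hits.add(str(ipaddress.IPv4Address(m.group(1))))
        except ValueError:
            pass  # hostname (HostnameLookups On) or junk in the first field: skip
    return hits

def already_blocked(rules_text):
    """Parse `iptables -S INPUT` output into the set of source IPs already dropped."""
    matches = (RULE_RE.match(l.strip()) for l in rules_text.splitlines())
    return {m.group(1).split("/")[0] for m in matches if m}

def plan_blocks(log_lines, banned, rules_text, allowlist=()):
    """Return iptables argv lists for IPs not yet blocked and not allow-listed."""
    new = offending_ips(log_lines, banned) - already_blocked(rules_text) - set(allowlist)
    # -I puts the rule at the top of INPUT so it wins over later ACCEPT rules.
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in sorted(new)]

if __name__ == "__main__":
    # Dry run on the constructed sample. A cron job would feed in the real log and
    # `iptables -S INPUT` output, then run each argv with subprocess.run(argv, check=True).
    for argv in plan_blocks(SAMPLE_LOG, BANNED, SAMPLE_RULES):
        print(" ".join(argv))
```

Passing each command as an argv list rather than a shell string keeps log contents from ever being interpreted by a shell, and the allowlist is where your own management addresses go so the job cannot lock you out.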
YopWongSapn l33t
Joined: 26 Jan 2004 Posts: 627
Posted: Sun Apr 04, 2004 8:03 am
Why don't you just read up on iptables and make one yourself? It may be more work than you're willing to put into it (I've read most of the iptables manual...it's a novel, I know), but I guarantee that you will get a lot more out of it when you get it set up the way you want it. Some perks to doing it this way:
1) If it breaks later on, you'll have the knowledge required to fix it (or at least some of the knowledge).
2) It will be much more customized for your needs.
3) You'll have the satisfaction of knowing that you accomplished quite a feat :D
_________________
Gentoo...it's like wiping your ass with silk. Or sandpaper.