In Vuurmuur 0.5.72 alpha 1, I introduced a connection management interface to the connection viewer, allowing the administrator to kill connections and add ipaddresses to the blocklist. Next, I’m working on doing about the same for the logviewer. The idea is to have a menu with options for each individual logline. I can think of a large number of interesting options, but I think the best would be an option like ‘create a rule based on this logline’. This would then open a prefilled rule window based on the values in the log. This option would make it very easy to get going with a new Vuurmuur setup.
Other options I can think of are:
- create a host based on the logline
- create a service
- append a portrange to a service
- add a host to a group
- change new connection limit
For now I will first focus on getting the same options as with the connection viewer. When that is done I will probably release it as 0.5.72 alpha 3. For alpha 4 I will extend the number of options.
I would be very interested in hearing more ideas for the connection and log options. If you are missing something in the list above, please add a comment!