October 4, 2004
Filter rules should have TTL
Anonymous Reader writes "I just thought of a feature that would be very useful when configuring filters, whether it be Cisco ACL's or Linux iptables or whatever. It would be helpful to be able to give a rule a time to live value. Probably defined in seconds. Here's why I say this. As a system administrator at an ISP, we see attacks on our customers and ourselves constantly. Just a little bit ago I got a complaint from one customer who had logged someone trying to make an ssh connection. I don't see any more traffic from the offending IP right now. My suspicion is that it was a probe for a vulnerability, probably automated. What am I going to do about it? Nothing. Filling the Cisco or firewall with rules blocking individual IP's creates an administrative nightmare."