LFD can run an external script when it performs an IP address block.
This is done by setting the configuration variable BLOCK_REPORT to a script that must be executable.
The following parameters are passed to the script as arguments:
| # | Parameter | Description |
|---|-----------|-------------|
| 1 | IP address | The IP address or CIDR being blocked |
| 2 | ports | Port, comma separated list or * for all ports |
| 3 | permanent | 0=temporary block, 1=permanent block |
| 4 | inout | Direction of block: in, out or inout |
| 5 | timeout | If a temporary block, TTL in seconds, otherwise 0 |
| 6 | message | Message containing reason for block |
| 7 | logs | The log lines that triggered the block (will contain line feeds between each log line) |
| 8 | trigger | The configuration settings triggered |
LFD launches the BLOCK_REPORT in a forked process which terminates after 10 seconds if not completed by then. It runs under the root account, so great care should be exercised with regard to security of the
LFD can run an external script when a temporary block is unblocked.
UNBLOCK_REPORT can be the full path of the external script, which must be executable. The following parameters are passed to the script as arguments:
| # | Parameter | Description |
|---|-----------|-------------|
| 1 | IP Address | The IP address or CIDR being blocked |
| 2 | port* | Port, there could be multiple unblocks for each IP |
[*] If a port was specified in the initial block.
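
A BLOCK_REPORT handler for the eight arguments listed in the first table, added here as an example and not taken from LFD itself. Because the script runs as root and the message and logs arguments carry text derived from log lines, which can contain remote-supplied strings, it validates the address field, flattens the free-text fields to one printable line, and only appends to a local file. The REPORT_LOG path, the record layout and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example of a BLOCK_REPORT handler; REPORT_LOG and the record layout
# are assumptions of this sketch, not part of LFD.
LC_ALL=C; export LC_ALL
REPORT_LOG="${REPORT_LOG:-/var/log/lfd-block-report.log}"

# Accept only characters that can appear in an IPv4/IPv6 address or CIDR.
valid_addr() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:/]*) return 1 ;;
    esac
    return 0
}

# Reduce untrusted text to one printable line: line feeds, CRs and tabs become
# spaces, double quotes become single quotes, remaining control bytes are
# dropped, and the result is cut to $2 characters (default 500).
sanitize() {
    printf '%s' "$1" | tr '\n\r\t"' "   '" | tr -d '\001-\037\177' \
        | cut -c1-"${2:-500}"
}

# Build one log record from the eight arguments, in the documented order.
format_record() {
    valid_addr "$1" || return 1
    case "$3" in 0|1) ;; *) return 1 ;; esac
    printf '%s ip=%s ports=%s permanent=%s dir=%s ttl=%s msg="%s" logs="%s" trigger=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$(sanitize "$2" 64)" "$3" \
        "$(sanitize "$4" 8)" "$(sanitize "$5" 12)" "$(sanitize "$6")" \
        "$(sanitize "$7" 2000)" "$(sanitize "$8" 64)"
}

# Local append only: no network calls, so the handler finishes well inside
# the 10 seconds LFD allows the forked process.
main() {
    umask 077
    record=$(format_record "$@") || {
        echo "block_report: rejected arguments" >&2
        return 1
    }
    printf '%s\n' "$record" >> "$REPORT_LOG"
}

if [ "$#" -ge 8 ]; then main "$@"; fi
```

The script file itself should be owned by root and not writable by any other account, since LFD executes it with root privileges.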