autofwd README
==============

Description
-----------

autofwd is primarily an automated firewalling system intended to block
hosts performing unwanted acts.  It has the following features:

  o  can tail multiple log files
  o  can test for any number of regex triggers
  o  supports both IPv4 and IPv6
  o  keeps a stateful database of banned IPs
  o  can automatically "unban" IPs after the 
     ban period expires
  o  can send out 5 minute summaries of any 
     events to local or remote SMTP servers
  o  has a CLI for expunging IPs from the
     database

While this daemon is written with the intent of firewalling off hosts
running dictionary attacks on logins, it can be used for just about
anything.  The external commands to run are all configurable, allowing you
to take additional actions against offending hosts.  Run an nmap OS
fingerprint before firewalling, or just silently log the event.  Anything
you can script up can be used with this daemon, as long as it can take an
argument consisting of an IP address.
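
An added example, not part of autofwd or its documentation: a hypothetical
action script (here called ban_ip.py) that takes the IP address argument,
parses it strictly because it originates from log content a remote host can
influence, and only then builds the firewall command.  The script name, the
NEVER_BAN networks, the DRY_RUN switch and the iptables chain are assumptions.

```python
#!/usr/bin/env python3
"""Hypothetical action script, invoked as: ban_ip.py <address>"""
import ipaddress
import subprocess
import sys

DRY_RUN = True  # print the firewall command instead of running it
# Constructed allowlist of networks that must never be banned (assumption).
NEVER_BAN = [ipaddress.ip_network(n)
             for n in ("127.0.0.0/8", "::1/128", "192.0.2.0/28")]


def build_ban_command(raw):
    """Return the argv list that drops traffic from raw; raise ValueError if refused."""
    # Strict parse: hostnames, CIDR ranges and shell metacharacters all fail here.
    addr = ipaddress.ip_address(raw.strip())
    if getattr(addr, "scope_id", None):
        raise ValueError(f"scoped address not accepted: {raw!r}")
    # Dual-stack listeners can log IPv4 clients as ::ffff:a.b.c.d; unwrap them
    # so the IPv4 allowlist and the IPv4 firewall table both apply.
    addr = getattr(addr, "ipv4_mapped", None) or addr
    if any(addr in net for net in NEVER_BAN):
        raise ValueError(f"{addr} is in a never-ban network")
    tool = "iptables" if addr.version == 4 else "ip6tables"
    # Chain and target are assumptions; adapt to the local ruleset.
    return [tool, "-I", "INPUT", "-s", str(addr), "-j", "DROP"]


def main(argv):
    if len(argv) != 2:
        print("usage: ban_ip.py <address>", file=sys.stderr)
        return 2
    try:
        cmd = build_ban_command(argv[1])
    except ValueError as exc:
        print(f"refused: {exc}", file=sys.stderr)
        return 1
    if DRY_RUN:
        print(" ".join(cmd))
        return 0
    # argv list with no shell, so the address is never re-parsed by /bin/sh.
    return subprocess.run(cmd, check=False).returncode


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

With DRY_RUN left on, the script only prints the command it would run, which
makes it safe to try against sample addresses before wiring it into a trigger.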

Installation
------------

Run 'make' for installation details.

All prerequisites can be found on CPAN:

  Paranoid
  Parse::PlainConfig
  BerkeleyDB
  Socket6

Optional modules:

  Unix::Syslog
  Net::SMTP

Licensing
---------

This software is licensed under the same terms as Perl itself.
Please see http://dev.perl.org/licenses/ for more information.

(c) 2009, Arthur Corliss (corliss@digitalmages.com)

Credits
-------

Many thanks to Sander Klein <roedie@roedie.nl> for patches, ideas, and 
general proof-reading.
