On Tue, Nov 22, 2011 at 09:17:31PM +0100, Patrik Karlsson wrote:
Here's an attempt on creating the reverse-index script which is in the
high-priority list of the secwiki.
The script runs both as a hostrule, collecting port information for each
host and storing it in the registry, and as a portrule building the
based on the collected port data.
-- | tcp
-- | 22: 192.168.0.60
-- | 23: 192.168.0.100
-- | udp
-- |_ 5353: 192.168.0.102, 192.168.0.1, 192.168.0.60
I would prefer output like this:
-- | tcp/22: 192.168.0.60
-- | tcp/23: 192.168.0.100
-- | udp/5353: 192.168.0.102, 192.168.0.1, 192.168.0.60
I wasn't sure how and if it's possible to create it as a postrule only
script as the secwiki documentation suggests.
No, I don't think so. You found a nice solution.
Anyway, please let me know if it turned out as expected and whether it
should go into any other categories than safe, so that it can be
Looks good. Great job!