“I just thought of a feature that would be very useful when
configuring filters, whether it be Cisco ACL’s or Linux iptables or
whatever. It would be helpful to be able to give a rule a time to
live value. Probably defined in seconds. Here’s why I say this. As
a system administrator at an ISP, we see attacks on our customers
and ourselves constantly. Just a little bit ago I got a complaint
from one customer who had logged someone trying to make an ssh
connection. I don’t see any more traffic from the offending IP
right now. My suspicion is that it was a probe for a vulnerability,
probably automated. What am I going to do about it? Nothing.
Filling the Cisco or firewall with rules blocking individual IP’s
creates an administrative nightmare…”