User guide
Chapter 11: Protecting Your Network From Attacks
WatchGuard Firebox System
add_hostile
This command adds a site to the Auto-Blocked Site list, with the
duration set by the administrator in Policy Manager’s Blocked
Sites dialog box. It effectively extends your control of the Auto-
Block mechanism inside the Firebox.
add_log_message
This command causes a message to be added to the log stream
emitted by the Firebox. Because the priority is used by the Firebox
to construct syslog messages, its range is the standard syslog
0=Emergency to 7=Debug. There is no limit on message length;
the message is automatically broken into multiple messages if
necessary.
import_passphrase
You can store the Firebox configuration passphrase in encrypted
form to avoid putting it in clear text in your IDS scripts. This
command stores the passphrase in the designated file using 3DES
encryption. Rather than using the configuration passphrase, use
the file name in your scripts. If you are managing multiple
Fireboxes, you need one passphrase file per Firebox.
Return value
The return value of fbidsmate is zero if the command executed
successfully; otherwise it is non-zero. This value should be checked upon
return if calling fbidsmate from a shell script or through some other
interface.
Examples
In the following examples, the IP address of the Firebox is 10.0.0.1 with a
configuration passphrase of “secure1”.
Example 1
The IDS detects a port scan from 209.54.94.99 and asks the Firebox
to block that site:
fbidsmate 10.0.0.1 secure1 add_hostile 209.54.94.99
The 209.54.94.99 site appears on the auto-blocked sites list and
remains there for the duration set in Policy Manager. In addition,
the following message appears in the log file:
Temporarily blocking host 209.54.94.99
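The return-value check described above, applied to the add_hostile call from Example 1. This is an added example, not code from the WatchGuard guide. The names block_host, is_ipv4, FBIDSMATE and NEVER_BLOCK are hypothetical, and the never-block list is a constructed sample.

```shell
#!/bin/sh
# Added example: a wrapper an IDS script could call instead of running
# fbidsmate directly. block_host, is_ipv4 and NEVER_BLOCK are hypothetical.
FBIDSMATE=${FBIDSMATE:-fbidsmate}        # path to the utility (assumed on PATH)
NEVER_BLOCK=${NEVER_BLOCK:-"10.0.0.1"}   # constructed sample: hosts never to block

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# block_host FIREBOX PASSPHRASE ADDRESS
# Returns 0 if the site was blocked, 2 if the input was rejected,
# 1 if fbidsmate reported failure.
block_host() {
    fb=$1; pass=$2; addr=$3
    if ! is_ipv4 "$addr"; then
        echo "block_host: refusing malformed address: $addr" >&2
        return 2
    fi
    for keep in $NEVER_BLOCK; do
        if [ "$addr" = "$keep" ]; then
            echo "block_host: $addr is on the never-block list" >&2
            return 2
        fi
    done
    # Same argument order as Example 1 in the guide.
    rc=0
    "$FBIDSMATE" "$fb" "$pass" add_hostile "$addr" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "block_host: fbidsmate failed (exit $rc); $addr NOT blocked" >&2
        return 1
    fi
    return 0
}

if [ $# -eq 3 ]; then block_host "$@"; fi
```

Validating the address before the call keeps a malformed IDS alert field from reaching the fbidsmate command line, and the never-block list keeps a spoofed scan from causing the Firebox to block a host you depend on.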