






Supported Firewalls
The ThreatSTOP threat intelligence Web service should work with any firewall, or other traffic management device, that can make a forwarding decision based on a DNS lookup. For systems without that native capability, it should be simple to write scripts on the management stations that update rules using lists retrieved from DNS.
You can read Generic Overview Instructions here.
Currently, ThreatSTOP has been tested with, and specific instructions are available for, the following firewalls.
IP Tables/Linux: This includes all 2.6 or later kernels, Smoothwall, IPCOP, and any netfilter derivatives. A simple shell script that runs as a cron job updates chains that contain all the allow and deny rules.
pf/BSD: A simple shell script that runs as a cron job updates the allow and deny rules.
ZoneAlarm: ZoneAlarm firewalls can natively resolve, and use, the lists. A one-time configuration in the GUI is all that is required.
Juniper/Netscreen: Juniper/Netscreen devices can resolve lists directly, but are limited to 28 IPs per lookup, and update no more often than once every 4 hours.
Cisco PIX: Although they do not have a native DNS resolver, we have written and tested a Perl script that runs on the management station and updates PIX firewalls with SHUN rules using the lists. Our service is in use in production at a large community college that uses PIX.
Checkpoint
We are continuing to test and document other firewalls. If you don't see your platform listed here, please contact us.
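
The cron-driven update described above for IP Tables/Linux could look like the following. This is an added example, not ThreatSTOP's script: the list hostname, chain name and never-block list are hypothetical, and it assumes the list is delivered as A records of a single DNS name.

```shell
#!/bin/sh
# Added example. LIST_NAME, CHAIN and NEVER_BLOCK are assumptions, not vendor values.
LIST_NAME="${LIST_NAME:-blocklist.example.invalid}"   # hypothetical list hostname
CHAIN="${CHAIN:-DNSBLOCK}"                            # hypothetical chain name
NEVER_BLOCK="${NEVER_BLOCK:-127.0.0.1}"               # space-separated safe list

# Accept only dotted-quad IPv4 so resolver noise never reaches the rule set.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$rest" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read candidate addresses on stdin; print an iptables-restore fragment that
# declares (and therefore refills) only $CHAIN.
build_ruleset() {
    echo "*filter"
    echo ":$CHAIN - [0:0]"
    sort -u | while read -r ip; do
        valid_ipv4 "$ip" || continue
        case " $NEVER_BLOCK " in *" $ip "*) continue ;; esac
        echo "-A $CHAIN -s $ip -j DROP"
    done
    echo "COMMIT"
}

# Resolve the list and load it in one transaction. An empty or failed answer
# leaves the rules already in place untouched.
update_chain() {
    addrs=$(dig +short A "$LIST_NAME") || return 1
    rules=$(printf '%s\n' "$addrs" | build_ruleset)
    printf '%s\n' "$rules" | grep -q -- '-j DROP' || return 1
    printf '%s\n' "$rules" | iptables-restore --noflush
}

# Cron entry point: run with --apply as root. The chain must be referenced once
# from INPUT or FORWARD (for example: iptables -I INPUT -j DNSBLOCK).
if [ "${1:-}" = "--apply" ]; then update_chain; fi
```

Loading through `iptables-restore --noflush` replaces the chain in one commit, so there is no window in which the chain is empty, and a failed lookup keeps the previous rules.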




