General Guidance Using Snort Inline
drew at mykitchentable.net
Tue Feb 14 10:56:17 PST 2006
I've installed snort 2.4.3 on a 6.0 machine and have it logging
successfully to a MySQL database on another machine in my home network.
I also have BASE installed on that machine to view the alerts.
Now I'd like to move forward and do things like "block an IP address for
1 hour that has generated 5 alerts on the same rule in the past
minute". I've Googled and read about snort inline. But what I've read
suggests that snort works with ipfilter. I'm running ipfw2 for my
firewall on the same box that's running snort. To use snort inline, do
I have to covert my entire firewall to ipfilter? Or will snort use
ipfilter to do its "inline" stuff and ipfw2 can continue to work on its own?
I'm confused about how this should work and would appreciate any nudges
to guides regarding this setup.
Visit The Alchemist's Warehouse
Magic Tricks, DVDs, Videos, Books, & More!
More information about the freebsd-questions