General Guidance Using Snort Inline

Iantcho Vassilev ianchov at gmail.com
Tue Feb 14 13:35:16 PST 2006


I am pretty sure there are modules for PF (so I guess IPFW2 should have
them also).
Try Google and the snort mail list.


On 2/14/06, Drew Tomlinson <drew at mykitchentable.net> wrote:
>
> I've installed snort 2.4.3 on a 6.0 machine and have it logging
> successfully to a MySQL database on another machine in my home network.
> I also have BASE installed on that machine to view the alerts.
>
> Now I'd like to move forward and do things like "block an IP address for
> 1 hour that has generated 5 alerts on the same rule in the past
> minute".  I've Googled and read about snort inline.  But what I've read
> suggests that snort works with ipfilter.  I'm running ipfw2 for my
> firewall on the same box that's running snort.  To use snort inline, do
> I have to convert my entire firewall to ipfilter?  Or will snort use
> ipfilter to do its "inline" stuff and ipfw2 can continue to work on its
> own?
>
> I'm confused about how this should work and would appreciate any nudges
> to guides regarding this setup.
>
> Thanks,
>
> Drew
>
> --
> Visit The Alchemist's Warehouse
> Magic Tricks, DVDs, Videos, Books, & More!
>
> http://www.alchemistswarehouse.com
>
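The policy quoted above ("block an IP address for 1 hour that has generated 5 alerts on the same rule in the past minute") can be expressed as a sliding-window counter. This is an added example, not part of the original thread and not Snort's own code; the class and function names and the sample alerts are hypothetical, and it only decides when to block and unblock, leaving the reading of alerts from the database and the firewall change itself out of scope.

```python
from collections import defaultdict, deque

ALERT_THRESHOLD = 5    # alerts on the same rule ...
WINDOW_SECONDS = 60    # ... within the past minute
BLOCK_SECONDS = 3600   # block the source for one hour

class AlertBlocker:
    """Hypothetical helper: counts alerts per (source, rule), decides blocks."""
    def __init__(self):
        self.recent = defaultdict(deque)  # (src_ip, sid) -> alert timestamps
        self.blocked_until = {}           # src_ip -> block expiry time

    def observe(self, ts, src_ip, sid):
        """Record one alert; return the expiry time if it starts a new block."""
        if self.blocked_until.get(src_ip, 0) > ts:
            return None                   # source is already blocked
        window = self.recent[(src_ip, sid)]
        window.append(ts)
        while window[0] <= ts - WINDOW_SECONDS:
            window.popleft()              # forget alerts older than a minute
        if len(window) < ALERT_THRESHOLD:
            return None
        for key in [k for k in self.recent if k[0] == src_ip]:
            del self.recent[key]          # counters restart after the block
        self.blocked_until[src_ip] = ts + BLOCK_SECONDS
        return ts + BLOCK_SECONDS

    def expire(self, now):
        """Return (and forget) the sources whose one-hour block has run out."""
        done = sorted(ip for ip, t in self.blocked_until.items() if t <= now)
        for ip in done:
            del self.blocked_until[ip]
        return done

# Constructed sample alerts: (seconds, source IP, rule SID), in time order.
SAMPLE_ALERTS = [
    (0, "192.0.2.10", 1000001), (10, "192.0.2.10", 1000001),
    (15, "198.51.100.7", 1000001), (20, "192.0.2.10", 1000002),
    (30, "192.0.2.10", 1000001), (40, "192.0.2.10", 1000001),
    (50, "192.0.2.10", 1000001),   # fifth alert on one rule inside 60 s
    (55, "192.0.2.10", 1000001),   # ignored: source already blocked
    (100, "198.51.100.7", 1000001), (130, "198.51.100.7", 1000001),
    (150, "198.51.100.7", 1000001), (170, "198.51.100.7", 1000001),
]

def replay(alerts):
    """Run alerts through a fresh blocker; return it and the block decisions."""
    blocker, decisions = AlertBlocker(), []
    for ts, src_ip, sid in alerts:
        until = blocker.observe(ts, src_ip, sid)
        if until is not None:
            decisions.append((src_ip, sid, ts, until))
    return blocker, decisions
```

The second source in the sample raises five alerts on one rule as well, but spread over more than a minute, so it is never blocked.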

