Snort with PF as an IPS
Ovi
ovi at unixservers.us
Tue Sep 11 07:59:00 PDT 2007
Daniel Marsh wrote:
> On 9/11/07, Ovi <ovi at unixservers.us> wrote:
>
> > Hello
> >
> > I am interested in whether anybody uses Snort with pf to block, in real time, IPs
> > detected by Snort as viruses, scans and so on.
> > I saw on mailing lists that Snort + ipfw (snort_inline) is working, but I
> > need pf for this setup.
> >
> > Also I wonder if it is possible to block P2P traffic using such a setup,
> > with P2P rules defined from Snort.
>
> You can use Spoink which will apply as a patch to Snort (either needs
> the port modified or snort compiled manually).
>
> Spoink will add IP addresses which Snort has alerted on to a specified
> table in Pf.
> http://freshmeat.net/projects/spoink/
>
Thank you, I'll try spoink.
I've also found snort2pf (http://sourceforge.net/projects/snort2pf/)
Best Regards,
ovidiu
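
The general mechanism discussed in this thread (source addresses from Snort alerts being added to a pf table), sketched as an added example; it is not code from Spoink, snort2pf or either poster. The table name `snort_block`, the allow-list networks and the sample alert lines are assumptions constructed for illustration.

```python
import ipaddress
import re

TABLE = "snort_block"   # assumed pf table name; pf.conf would need:
                        #   table <snort_block> persist
                        #   block in quick from <snort_block>
# Never block these (assumed values): own LAN and loopback. Without an allow
# list, a spoofed source address can make the firewall block its own hosts.
ALLOW = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "127.0.0.0/8")]

# Snort "fast" alert line: ... [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+.*?\s+\[\*\*\].*?"
    r"\{\w+\}\s+(?P<src>[0-9.]+)(?::\d+)?\s+->\s+[0-9.]+(?::\d+)?")

# Constructed sample alerts (documentation addresses, local-range SIDs).
SAMPLE = """\
09/11-07:58:01.100000  [**] [1:1000001:1] EXAMPLE portscan [**] [Priority: 2] {TCP} 203.0.113.7:40000 -> 192.168.1.10:22
09/11-07:58:02.200000  [**] [1:1000002:1] EXAMPLE p2p handshake [**] [Priority: 1] {TCP} 192.168.1.55:51413 -> 198.51.100.9:6881
09/11-07:58:03.300000  [**] [1:1000001:1] EXAMPLE portscan [**] [Priority: 2] {TCP} 203.0.113.7:40001 -> 192.168.1.10:23
09/11-07:58:04.400000  [**] [1:1000003:1] EXAMPLE icmp sweep [**] [Priority: 3] {ICMP} 198.51.100.77 -> 192.168.1.10
this line is not an alert
"""

def offenders(log_text, allow=ALLOW):
    """Return unique alert source IPs, in first-seen order, minus the allow list."""
    seen = []
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("src"))
        except ValueError:          # e.g. 999.1.1.1 from a corrupt line
            continue
        if any(ip in net for net in allow) or str(ip) in seen:
            continue
        seen.append(str(ip))
    return seen

def pf_commands(ips, table=TABLE):
    """Build one pfctl invocation per address (argument lists, no shell)."""
    return [["pfctl", "-t", table, "-T", "add", ip] for ip in ips]

if __name__ == "__main__":
    for cmd in pf_commands(offenders(SAMPLE)):
        print(" ".join(cmd))   # to apply: subprocess.run(cmd, check=True) as root
```

In the sample, the P2P alert's source is a LAN host and is skipped by the allow list, which shows that source-address blocking alone does not stop P2P sessions started from inside the network.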
More information about the freebsd-questions mailing list