General Guidance Using Snort Inline
ianchov at gmail.com
Tue Feb 14 13:35:16 PST 2006
I am pretty sure there are modules for PF (so I guess IPFW2 should have
Try Google and the snort mail list
On 2/14/06, Drew Tomlinson <drew at mykitchentable.net> wrote:
> I've installed snort 2.4.3 on a 6.0 machine and have it logging
> successfully to a MySQL database on another machine in my home network.
> I also have BASE installed on that machine to view the alerts.
> Now I'd like to move forward and do things like "block an IP address for
> 1 hour that has generated 5 alerts on the same rule in the past
> minute". I've Googled and read about snort inline. But what I've read
> suggests that snort works with ipfilter. I'm running ipfw2 for my
> firewall on the same box that's running snort. To use snort inline, do
> I have to convert my entire firewall to ipfilter? Or will snort use
> ipfilter to do its "inline" stuff and ipfw2 can continue to work on its
> I'm confused about how this should work and would appreciate any nudges
> to guides regarding this setup.
> freebsd-questions at freebsd.org mailing list