General Guidance Using Snort Inline

Iantcho Vassilev ianchov at
Tue Feb 14 13:35:16 PST 2006

I am pretty sure there are modules for PF (so I guess IPFW2 should have
Try Google and the snort mail list

On 2/14/06, Drew Tomlinson <drew at> wrote:
> I've installed snort 2.4.3 on a 6.0 machine and have it logging
> successfully to a MySQL database on another machine in my home network.
> I also have BASE installed on that machine to view the alerts.
> Now I'd like to move forward and do things like "block an IP address for
> 1 hour that has generated 5 alerts on the same rule in the past
> minute".  I've Googled and read about snort inline.  But what I've read
> suggests that snort works with ipfilter.  I'm running ipfw2 for my
> firewall on the same box that's running snort.  To use snort inline, do
> I have to convert my entire firewall to ipfilter?  Or will snort use
> ipfilter to do its "inline" stuff and ipfw2 can continue to work on its
> own?
> I'm confused about how this should work and would appreciate any nudges
> to guides regarding this setup.
> Thanks,
> Drew
> --
> Visit The Alchemist's Warehouse
> Magic Tricks, DVDs, Videos, Books, & More!
