From owner-freebsd-questions@FreeBSD.ORG Tue Sep 11 14:28:03 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D270216A419 for ; Tue, 11 Sep 2007 14:28:03 +0000 (UTC) (envelope-from ovi@unixservers.us) Received: from webserver.easyhosting.ro (unixware.iasi.rdsnet.ro [86.124.41.195]) by mx1.freebsd.org (Postfix) with ESMTP id A659B13C442 for ; Tue, 11 Sep 2007 14:28:03 +0000 (UTC) (envelope-from ovi@unixservers.us) Received: from [10.0.0.14] (unknown [10.0.0.14]) (Authenticated sender: ovi@unixservers.us) by webserver.easyhosting.ro (Postfix) with ESMTP id C28EEFD018 for ; Tue, 11 Sep 2007 17:28:57 +0300 (EEST) Message-ID: <46E6A5E6.8080504@unixservers.us> Date: Tue, 11 Sep 2007 17:27:50 +0300 From: Ovi User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Snort with PF as an IPS X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2007 14:28:03 -0000 Hello I am interested if anybody uses snort with pf to block in realtime ips detected by snort as viruses, scans and so on. I saw on mail lists that is working Snort + ipfw (snort_inline) but I need pf for this setup. Also I wonder if it is possible to block p2p traffic using such setup, with p2p rules defined from Snort. Best Regards, ovidiu