Date: Tue, 14 Feb 2006 23:34:55 +0200
From: Iantcho Vassilev <ianchov@gmail.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: General Guidance Using Snort Inline
Message-ID: <18e02bd30602141334yef90c40t14fd6d2ce6175ef9@mail.gmail.com>
In-Reply-To: <43F227CA.60603@mykitchentable.net>
References: <43F227CA.60603@mykitchentable.net>

I am pretty sure there are modules for PF (so I guess IPFW2 should have also).
Try Google and the snort mail list.

On 2/14/06, Drew Tomlinson <drew@mykitchentable.net> wrote:
>
> I've installed snort 2.4.3 on a 6.0 machine and have it logging
> successfully to a MySQL database on another machine in my home network.
> I also have BASE installed on that machine to view the alerts.
>
> Now I'd like to move forward and do things like "block an IP address for
> 1 hour that has generated 5 alerts on the same rule in the past
> minute". I've Googled and read about snort inline. But what I've read
> suggests that snort works with ipfilter. I'm running ipfw2 for my
> firewall on the same box that's running snort. To use snort inline, do
> I have to convert my entire firewall to ipfilter? Or will snort use
> ipfilter to do its "inline" stuff and ipfw2 can continue to work on its
> own?
>
> I'm confused about how this should work and would appreciate any nudges
> to guides regarding this setup.
>
> Thanks,
>
> Drew
>
> --
> Visit The Alchemist's Warehouse
> Magic Tricks, DVDs, Videos, Books, & More!
>
> http://www.alchemistswarehouse.com
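
The blocking policy described in the quoted question (5 alerts on the same rule within a minute, then block the source for an hour), as an added example that is not part of the original thread. It covers only the threshold logic: the `BlockTracker` class and `run` function are hypothetical names, the alerts are constructed sample data, and reading alerts from the MySQL database or applying the block in ipfw2 is left out.

```python
from collections import defaultdict, deque

WINDOW = 60        # seconds: "in the past minute"
THRESHOLD = 5      # alerts on the same rule
BLOCK_FOR = 3600   # seconds: "block an IP address for 1 hour"

class BlockTracker:
    """Hypothetical helper: sliding-window alert counter with timed blocks."""
    def __init__(self):
        self.recent = defaultdict(deque)   # (src_ip, rule_id) -> alert times
        self.blocked_until = {}            # src_ip -> time the block ends

    def expire(self, now):
        """Drop blocks whose hour has passed; return the released IPs."""
        released = sorted(ip for ip, t in self.blocked_until.items() if t <= now)
        for ip in released:
            del self.blocked_until[ip]
        return released

    def observe(self, ts, src_ip, rule_id):
        """Record one alert; return True if it triggers a new block."""
        self.expire(ts)
        if src_ip in self.blocked_until:
            return False                   # already blocked, nothing to add
        times = self.recent[(src_ip, rule_id)]
        times.append(ts)
        while times and times[0] <= ts - WINDOW:
            times.popleft()                # forget alerts older than a minute
        if len(times) >= THRESHOLD:
            self.blocked_until[src_ip] = ts + BLOCK_FOR
            for key in [k for k in self.recent if k[0] == src_ip]:
                del self.recent[key]       # start clean once the block ends
            return True
        return False

def run(alerts):
    """Feed (ts, src_ip, rule_id) tuples in time order; list block events."""
    tracker = BlockTracker()
    return [(ts, ip) for ts, ip, rule in alerts if tracker.observe(ts, ip, rule)]

# Constructed sample alerts (documentation addresses, made-up rule ids).
SAMPLE = sorted(
    [(t, "192.0.2.10", 1000001) for t in (0, 10, 20, 30, 40)]        # 5 in 40 s
    + [(t, "198.51.100.7", 1000001) for t in (0, 20, 40, 61, 80)]    # never 5 in 60 s
    + [(t, "203.0.113.5", r) for t, r in ((5, 1), (6, 2), (7, 1), (8, 2), (9, 1))]
)

if __name__ == "__main__":
    print(run(SAMPLE))
```

Only the first source is blocked: the second never has five alerts inside one 60-second window, and the third spreads its five alerts over two different rules.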