From: Iantcho Vassilev
To: FreeBSD Questions
Date: Tue, 14 Feb 2006 23:34:55 +0200
Subject: Re: General Guidance Using Snort Inline

I am pretty sure there are modules for PF (so I guess IPFW2 should have also).
Try Google and the snort mail list.

On 2/14/06, Drew Tomlinson wrote:
>
> I've installed snort 2.4.3 on a 6.0 machine and have it logging
> successfully to a MySQL database on another machine in my home network.
> I also have BASE installed on that machine to view the alerts.
>
> Now I'd like to move forward and do things like "block an IP address for
> 1 hour that has generated 5 alerts on the same rule in the past
> minute". I've Googled and read about snort inline. But what I've read
> suggests that snort works with ipfilter. I'm running ipfw2 for my
> firewall on the same box that's running snort. To use snort inline, do
> I have to convert my entire firewall to ipfilter? Or will snort use
> ipfilter to do its "inline" stuff and ipfw2 can continue to work on its
> own?
>
> I'm confused about how this should work and would appreciate any nudges
> to guides regarding this setup.
>
> Thanks,
>
> Drew
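
The blocking policy in the quoted question (5 alerts on the same rule within a minute, then block the source for 1 hour), as an added example that is not from either poster and is not part of Snort or snort inline. It consumes alert tuples and returns `ipfw table` commands as strings; the table number, the deny rule in the comment and the sample alerts are assumptions.

```python
from collections import defaultdict, deque

ALERT_THRESHOLD = 5    # alerts on the same rule ...
WINDOW_SECONDS = 60    # ... within the past minute
BLOCK_SECONDS = 3600   # block the source for 1 hour
IPFW_TABLE = 1         # assumed table, matched by a rule such as:
                       #   ipfw add deny ip from "table(1)" to any

class ThresholdBlocker:
    """Alerts must be fed in non-decreasing timestamp order."""
    def __init__(self):
        self.recent = defaultdict(deque)  # (src_ip, sid) -> alert times
        self.blocked = {}                 # src_ip -> time the block ends

    def expire(self, now):
        """Return delete commands for blocks whose hour has passed."""
        done = sorted(ip for ip, end in self.blocked.items() if end <= now)
        for ip in done:
            del self.blocked[ip]
        return [f"ipfw table {IPFW_TABLE} delete {ip}" for ip in done]

    def observe(self, ts, src_ip, sid):
        """Feed one alert; return the ipfw commands it triggers."""
        cmds = self.expire(ts)
        if src_ip in self.blocked:
            return cmds                   # already blocked, nothing to add
        window = self.recent[(src_ip, sid)]
        window.append(ts)
        while window[0] <= ts - WINDOW_SECONDS:
            window.popleft()              # drop alerts older than a minute
        if len(window) >= ALERT_THRESHOLD:
            self.blocked[src_ip] = ts + BLOCK_SECONDS
            for key in [k for k in self.recent if k[0] == src_ip]:
                del self.recent[key]      # start clean after the block
            cmds.append(f"ipfw table {IPFW_TABLE} add {src_ip}")
        return cmds

def run(alerts):
    blocker, out = ThresholdBlocker(), []
    for ts, ip, sid in alerts:
        out.extend(blocker.observe(ts, ip, sid))
    return out

# Constructed alerts: (epoch seconds, source IP, rule sid)
SAMPLE_ALERTS = [(t, "192.0.2.10", 1000001) for t in (0, 10, 30, 40, 50)]
SAMPLE_ALERTS += [(20, "192.0.2.10", 1000002), (3700, "198.51.100.7", 1000001)]
SAMPLE_ALERTS.sort()

if __name__ == "__main__":
    print("\n".join(run(SAMPLE_ALERTS)))
```

Expiry is only evaluated when the next alert arrives, so a real deployment would also call `expire()` on a timer.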