Date: Tue, 11 Sep 2007 17:59:52 +0300
From: Ovi <ovi@unixservers.us>
To: freebsd-questions@freebsd.org
Subject: Re: Snort with PF as an IPS
Message-ID: <46E6AD68.2090501@unixservers.us>
In-Reply-To: <ba5e78ea0709110733r759e5a1er597d1d1e4cead7ca@mail.gmail.com>
References: <46E6A5E6.8080504@unixservers.us> <ba5e78ea0709110733r759e5a1er597d1d1e4cead7ca@mail.gmail.com>

Daniel Marsh wrote:
> On 9/11/07, Ovi <ovi@unixservers.us> wrote:
>
> > Hello
> >
> > I am interested if anybody uses snort with pf to block in realtime ips
> > detected by snort as viruses, scans and so on.
> > I saw on mail lists that is working Snort + ipfw (snort_inline) but I
> > need pf for this setup.
> >
> > Also I wonder if it is possible to block p2p traffic using such setup,
> > with p2p rules defined from Snort.
>
> You can use Spoink which will apply as a patch to Snort (either needs
> the port modified or snort compiled manually).
>
> Spoink will add IP addresses which Snort has alerted on to a specified
> table in Pf.
> http://freshmeat.net/projects/spoink/

Thank you, I'll try spoink. I've also found snort2pf
(http://sourceforge.net/projects/snort2pf/)

Best Regards,
ovidiu
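
The approach discussed in this thread (alerted source addresses fed into a pf table) sketched as an added example; it is not part of the original message and is not Spoink or snort2pf code. It assumes Snort's "fast" alert line format, IPv4 sources only, a hypothetical table name snort_block, and constructed sample lines.

```python
import ipaddress
import re

# Snort "fast" alert line ends with: {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(r"\[\*\*\].*\[\*\*\].*\{[^}]+\}\s+(?P<src>\S+)\s+->\s+\S+")

def src_ipv4(line):
    """Return the alert's source as an IPv4Address, or None if not usable."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    endpoint = m.group("src")
    # "a.b.c.d:port" has exactly one colon; ICMP alerts carry no port.
    host = endpoint.rsplit(":", 1)[0] if endpoint.count(":") == 1 else endpoint
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    return ip if ip.version == 4 else None  # IPv6 is out of scope here

def offenders(lines, never_block=()):
    """Unique alert sources in first-seen order, minus protected networks.

    never_block should hold your own hosts, gateway and resolvers: source
    addresses can be spoofed, so automatic blocking must not hit them.
    """
    protected = [ipaddress.ip_network(n) for n in never_block]
    seen = []
    for line in lines:
        ip = src_ipv4(line)
        if ip is None or ip in seen or any(ip in net for net in protected):
            continue
        seen.append(ip)
    return [str(ip) for ip in seen]

def pfctl_argv(table, ips):
    """argv for `pfctl -t <table> -T add ...`; table name charset kept strict."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", table):
        raise ValueError("unexpected table name: %r" % table)
    return ["pfctl", "-t", table, "-T", "add", *ips] if ips else []

# Constructed sample alerts (documentation address ranges, made-up SIDs).
SAMPLE = [
    "09/11-17:59:52.000001  [**] [1:1000001:1] constructed P2P rule [**] [Priority: 1] {TCP} 203.0.113.7:51234 -> 192.0.2.10:6881",
    "09/11-17:59:53.000002  [**] [1:1000002:1] constructed scan rule [**] [Priority: 2] {ICMP} 198.51.100.9 -> 192.0.2.10",
    "09/11-17:59:54.000003  [**] [1:1000001:1] constructed P2P rule [**] [Priority: 1] {TCP} 192.0.2.10:6881 -> 203.0.113.7:51234",
    "not an alert line",
]

if __name__ == "__main__":
    # pf.conf side (assumed): table <snort_block> persist
    #                         block in quick from <snort_block>
    print(pfctl_argv("snort_block", offenders(SAMPLE, ["192.0.2.0/24"])))
```

The printed argv can be passed to subprocess.run() as root on the pf host; without the two pf.conf lines in the comment the table exists but blocks nothing.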