Date: Tue, 14 Feb 2006 10:56:10 -0800
From: Drew Tomlinson <drew@mykitchentable.net>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: General Guidance Using Snort Inline
Message-ID: <43F227CA.60603@mykitchentable.net>

I've installed snort 2.4.3 on a 6.0 machine and have it logging successfully to a MySQL database on another machine in my home network. I also have BASE installed on that machine to view the alerts.

Now I'd like to move forward and do things like "block an IP address for 1 hour that has generated 5 alerts on the same rule in the past minute". I've Googled and read about snort inline. But what I've read suggests that snort works with ipfilter. I'm running ipfw2 for my firewall on the same box that's running snort.

To use snort inline, do I have to convert my entire firewall to ipfilter? Or will snort use ipfilter to do its "inline" stuff and ipfw2 can continue to work on its own?

I'm confused about how this should work and would appreciate any nudges to guides regarding this setup.

Thanks,

Drew

--
Visit The Alchemist's Warehouse
Magic Tricks, DVDs, Videos, Books, & More!
http://www.alchemistswarehouse.com