Daniel Marsh wrote:

On 9/11/07, Ovi <[EMAIL PROTECTED]> wrote:


    I am interested in whether anybody uses Snort with pf to block, in real time, IPs
    detected by Snort as viruses, scans and so on.
    I saw on mailing lists that Snort + ipfw (snort_inline) works, but I
    need pf for this setup.

    Also I wonder if it is possible to block p2p traffic using such a setup,
    with p2p rules defined from Snort.

You can use Spoink, which is applied as a patch to Snort (it needs either the port modified or Snort compiled manually).

Spoink will add IP addresses which Snort has alerted on to a specified table in pf.

Thank you, I'll try Spoink.
I've also found snort2pf (http://sourceforge.net/projects/snort2pf/)

Best Regards,

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
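
Added example, not part of the thread and not Spoink's or snort2pf's code: a sketch of the mechanism discussed above, taking source addresses from Snort "fast" alert lines and building the `pfctl` commands that add them to a pf table. The table name `snort_block`, the whitelist and the sample alert lines are assumptions made up for the illustration.

```python
import ipaddress
import re

# Assumed names for this sketch: the table name and whitelist are made up.
# pf.conf side:  table <snort_block> persist
#                block in quick from <snort_block> to any
PF_TABLE = "snort_block"
# Never auto-block your own ranges: a spoofed source would lock you out.
WHITELIST = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

# Snort "fast" alert lines end with: {PROTO} src[:port] -> dst[:port]
# (IPv4 only in this sketch.)
ALERT_RE = re.compile(
    r"\{\w+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

# Constructed sample alerts (not real traffic; documentation address ranges).
SAMPLE_ALERTS = [
    "09/11-14:02:11.120001 [**] [1:1000001:1] sample p2p rule [**] [Priority: 1] {TCP} 192.0.2.45:51234 -> 10.0.0.5:6881",
    "09/11-14:02:12.000000 [**] [1:1000002:1] sample scan rule [**] [Priority: 2] {TCP} 198.51.100.7:40000 -> 10.0.0.5:22",
    "09/11-14:02:13.000000 [**] [1:1000001:1] sample p2p rule [**] [Priority: 1] {TCP} 192.0.2.45:51235 -> 10.0.0.5:6881",
    "09/11-14:02:14.000000 [**] [1:1000003:1] sample internal rule [**] [Priority: 3] {UDP} 10.0.0.9:5353 -> 10.0.0.5:53",
    "09/11-14:02:15.000000 [**] [1:1000004:1] sample ping rule [**] [Priority: 2] {ICMP} 203.0.113.9 -> 10.0.0.5",
    "truncated or unrelated log line",
]

def sources_to_block(lines, whitelist=WHITELIST):
    """Return alerting source IPs in first-seen order, without duplicates,
    skipping malformed addresses and anything inside the whitelist."""
    result = []
    for line in lines:
        match = ALERT_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group("src"))
        except ValueError:          # e.g. 999.1.1.1 in a corrupted line
            continue
        if any(ip in net for net in whitelist) or str(ip) in result:
            continue
        result.append(str(ip))
    return result

def pfctl_commands(ips, table=PF_TABLE):
    """Build one 'pfctl -t <table> -T add <ip>' argv per address."""
    return [["pfctl", "-t", table, "-T", "add", ip] for ip in ips]

if __name__ == "__main__":
    # Print instead of executing; run the argv lists as root to apply them.
    for argv in pfctl_commands(sources_to_block(SAMPLE_ALERTS)):
        print(" ".join(argv))
```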
