Daniel Marsh wrote:

On 9/11/07, Ovi <[EMAIL PROTECTED]> wrote:

    Hello

    I am interested in whether anybody uses Snort with pf to block, in real time, IPs
    detected by Snort as viruses, scans and so on.
    I saw on mailing lists that Snort + ipfw (snort_inline) works, but I
    need pf for this setup.

    Also, I wonder if it is possible to block p2p traffic using such a setup,
    with p2p rules defined in Snort.


You can use Spoink, which is applied as a patch to Snort (either the port needs to be modified or Snort compiled manually).

Spoink will add IP addresses which Snort has alerted on to a specified table in pf.
http://freshmeat.net/projects/spoink/

Thank you, I'll try spoink.
I've also found snort2pf (http://sourceforge.net/projects/snort2pf/)

Best Regards,
ovidiu

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
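
The mechanism discussed in this thread (alerting source addresses from Snort are added to a pf table that a block rule references), as an added sketch; it is not code from Spoink or snort2pf. The table name `snort_block`, the priority threshold, the protected network and the sample alert lines are all assumptions made for the example.

```python
import ipaddress
import re

# pf.conf side (table name is an assumption of this example):
#   table <snort_block> persist
#   block in quick from <snort_block>

# Priority and source address of a Snort "fast" alert line (IPv4 only here).
ALERT_RE = re.compile(
    r"\[Priority:\s*(\d+)\]\s*\{\w+\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->"
)

# Constructed sample alerts (documentation addresses, made-up rule IDs).
SAMPLE_ALERTS = """\
09/11-10:15:32.123456  [**] [1:1000001:1] Constructed scan rule [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.23:40112 -> 192.0.2.10:22
09/11-10:15:40.000001  [**] [1:1000002:1] Constructed p2p rule [**] [Classification: Policy Violation] [Priority: 1] {TCP} 192.0.2.55:51413 -> 203.0.113.9:6881
09/11-10:16:02.000002  [**] [1:1000003:1] Constructed ping rule [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.77 -> 192.0.2.10
09/11-10:16:05.000003  [**] [1:1000001:1] Constructed scan rule [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.23:40113 -> 192.0.2.10:23
""".splitlines()


def offenders(lines, never_block, max_priority=2):
    """Return unique source IPs worth blocking, in first-seen order."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    seen = []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or int(m.group(1)) > max_priority:
            continue  # not an alert line, or too low a priority to act on
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed address, never hand it to pfctl
        # Never block our own networks: a spoofed or false-positive alert
        # would otherwise lock out legitimate hosts.
        if any(ip in net for net in protected) or str(ip) in seen:
            continue
        seen.append(str(ip))
    return seen


def pfctl_commands(ips, table="snort_block"):
    """Build (not run) one pfctl argv per address; table name is assumed."""
    return [["pfctl", "-t", table, "-T", "add", ip] for ip in ips]


if __name__ == "__main__":
    for argv in pfctl_commands(offenders(SAMPLE_ALERTS, ["192.0.2.0/24"])):
        print(" ".join(argv))
```

The commands are only built, not executed, so the filtering can be checked before anything touches the live ruleset.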