Daniel Marsh wrote:
On 9/11/07, Ovi <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
I am interested if anybody uses snort with pf to block in realtime ips
detected by snort as viruses, scans and so on.
I saw on mail lists that is working Snort + ipfw (snort_inline) but I
need pf for this setup.
Also I wonder if it is possible to block p2p traffic using such setup,
with p2p rules defined from Snort.
You can use Spoink which will apply as a patch to Snort (either needs
the port modified or snort compiled manually).
Spoink will add IP addresses which Snort has alerted on to a specified
table in Pf.
Thank you, I'll try spoink.
I've also found snort2pf (http://sourceforge.net/projects/snort2pf/)
email@example.com mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"