Hello, I was just wondering if IPFilter would be suitable for use in blocking a list of Ips from getting through my firewall. I'm using Snort inside my LAN, and am seeing a lot of code red type attacks on my internal servers. Rather than just block those addresses on the specific servers, I'd like to stop them at the firewall.
I know I could use a "block in quick from bad_IP" type rule, but as the list of bad IP's grows, it seems harder to manage the ruleset. Is there a an easy way to maybe edit a blacklist file and have IPFilter read that file? Or is there some other tool that would be better for this purpose? Thanks a lot, Adam Lofstedt
