you might want to check out snortsam at http://www.snortsam.net
snortsam is a plugin for snort used to make dynamic firewalling with a.o. ipfilter possible cheers theo ---------- Van: Adam Lofstedt[SMTP:[EMAIL PROTECTED] Antwoord naar: [EMAIL PROTECTED] Verzonden: Monday, March 03, 2003 6:44 PM Aan: [EMAIL PROTECTED] Onderwerp: Using IPFilter to blacklist IPs Hello, I was just wondering if IPFilter would be suitable for use in blocking a list of Ips from getting through my firewall. I'm using Snort inside my LAN, and am seeing a lot of code red type attacks on my internal servers. Rather than just block those addresses on the specific servers, I'd like to stop them at the firewall. I know I could use a "block in quick from bad_IP" type rule, but as the list of bad IP's grows, it seems harder to manage the ruleset. Is there a an easy way to maybe edit a blacklist file and have IPFilter read that file? Or is there some other tool that would be better for this purpose? Thanks a lot, Adam Lofstedt
