I added this:

in pf.conf
...
table <black> persist file "/etc/black"
...
block quick from <black>
...

Added to crontab
pfctl -t black -T add $(cat /var/log/alert | awk '{print $6}')

What do you think about that?
Perhaps you have an easier way to do it?
Now I'm looking for a small web monitor to view alerts provided by
scanlogd. Any idea?

cheers,

Wesley.


On Wed, 19 Oct 2011 09:31:35 +0400, "Wesley M." <[email protected]>
wrote:
> Hi,
>
> I use OpenBSD 4.9, and I'm looking for a good NIDS.
>
> I found "scanlogd" in ports; it works very well.
>
> But is there a way to make the latter work with pf? For example, add
> the IP address detected by scanlogd to a "Blacklist" table?
>
> Also, is there a way to have a web monitor to view alerts?
>
> Perhaps you use something else ... what? ;-) snort?
>
> Thank you very much!
>
> All the best,
>
> Wesley.
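
The crontab one-liner from the reply, expanded into a script as an added example that is not part of the original messages: it drops a ":sport" suffix from the source field, keeps only valid IPv4 addresses, removes duplicates and skips a never-block list, since the source address of a scan can be spoofed. The syslog layout, the sample lines and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the syslog layout of the
# constructed SAMPLE lines below: field 5 is the "scanlogd:" tag and
# field 6 is "saddr" or "saddr:sport".
SAMPLE='Oct 19 09:31:35 gw scanlogd: 192.0.2.10:4242 to 198.51.100.5 ports 80, 443, ..., fSrpauxy, TOS 00 @09:31:35
Oct 19 09:32:01 gw scanlogd: 203.0.113.7 to 198.51.100.5 ports 21, 22, 23, ..., fSrpauxy, TOS 00 @09:32:01
Oct 19 09:33:10 gw scanlogd: 192.0.2.10:4242 to 198.51.100.5 ports 25, 110, ..., fSrpauxy, TOS 00 @09:33:10
Oct 19 09:34:00 gw scanlogd: 999.1.1.1 to 198.51.100.5 ports 1, 2, ..., fSrpauxy, TOS 00 @09:34:00
Oct 19 09:35:00 gw scanlogd: 198.51.100.1 to 198.51.100.5 ports 1, 2, ..., fSrpauxy, TOS 00 @09:35:00'

# Print each valid IPv4 source once. $1: space-separated never-block list.
scanlogd_sources() {
    awk -v allow="${1:-}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        $5 ~ /^scanlogd(\[[0-9]+\])?:$/ {
            ip = $6
            sub(/:[0-9]+$/, "", ip)              # drop ":sport" when logged
            if (split(ip, o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) next
            if (!(ip in skip) && !(ip in seen)) { seen[ip] = 1; print ip }
        }'
}

# Add the result to the pf table "black" from the pf.conf in the thread.
update_black_table() {
    tmp=$(mktemp) || return 1
    scanlogd_sources "${2:-}" < "${1:-/var/log/alert}" > "$tmp"
    # pfctl runs only when the list is non-empty
    if [ -s "$tmp" ]; then pfctl -t black -T add -f "$tmp"; fi
    rm -f "$tmp"
}

if [ "${1:-}" = "--apply" ]; then
    update_black_table /var/log/alert "${2:-}"   # e.g. from the crontab of root
else
    printf '%s\n' "$SAMPLE" | scanlogd_sources "198.51.100.1"   # dry run on SAMPLE
fi
```

Run without arguments it only prints what would be added for the sample lines; with `--apply` and an optional never-block list it updates the table.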
