Re: Shorewall + SNORT
- From: misiek <michal_augustyniak@xxxxxxxxx>
- Date: Fri, 10 Nov 2006 14:37:45 -0600
Bit Twister wrote:
> On Thu, 09 Nov 2006 15:23:38 -0600, misiek wrote:
>> Hi
>> I'm looking for something to find attackers' IPs and block them in the firewall.
>> I use shorewall, and I just installed snort, but I cannot find anything about how to make snort talk to shorewall, like if snort
>> finds attacker IPs, say HEY SHOREWALL BLOCK IT "DO IT DO IT...!" and plus some notification would be awesome.
>> I found snortsam but there is no howto for installing it on Gentoo. I also found snort_inline, but it seems it is not snort itself; it is actually a separate package.
>
> Well, if it were me, I could append ip_whatever to
> /etc/shorewall/blacklist and do a shorewall refresh.
> Of course that assumes you have enabled blacklist in interfaces net options.
> Now think about that for a while. You can wind up with quite a list of
> ip addresses.
> You could feed the ip addy to whois and get the NetRange: value and
> use it instead.

Yeah, true, so far I use this method, but I need something advanced, and I also need some notification.
Snort seems nice. I compiled snort inline, using the inline flag when emerging snort, but I have no idea how to use it, because there is no howto.
I found only the snort_inline documentation, but it's a separate package and is totally different.
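The blacklist-and-refresh approach from the quoted reply can be scripted. The following is an added example, not part of the original posts: it assumes Snort writes alerts in its "fast" one-line format and that the blacklist option is enabled on the net interface; the function names, the `REFRESH_CMD` variable and the sample alert lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed alert lines in Snort's "fast" layout; all
# addresses are documentation or private ranges.
SAMPLE_ALERTS='11/10-14:30:01.100000  [**] [1:1000001:1] constructed alert A [**] [Priority: 2] {TCP} 203.0.113.7:4431 -> 192.168.1.10:22
11/10-14:30:02.200000  [**] [1:1000001:1] constructed alert A [**] [Priority: 2] {TCP} 203.0.113.7:4432 -> 192.168.1.10:22
11/10-14:30:05.300000  [**] [1:1000002:1] constructed alert B [**] [Priority: 3] {UDP} 192.168.1.50:5353 -> 192.168.1.10:53
11/10-14:30:09.400000  [**] [1:1000003:1] constructed alert C [**] [Priority: 1] {TCP} 198.51.100.23:50000 -> 192.168.1.10:80'

# extract_sources PREFIX: read alerts on stdin, print each valid IPv4 source
# address once. Sources starting with PREFIX (your own network) are skipped,
# because source addresses can be spoofed and you must not block yourself.
extract_sources() {
    awk -v skip="$1" '
    {
        for (i = 1; i < NF; i++) if ($(i + 1) == "->") {
            ip = $i
            sub(/:[0-9]+$/, "", ip)              # drop the source port
            n = split(ip, o, ".")
            ok = (n == 4)
            for (j = 1; j <= n && ok; j++)
                if (o[j] !~ /^[0-9]+$/ || o[j] > 255) ok = 0
            if (ok && !(skip != "" && index(ip, skip) == 1) && !seen[ip]++)
                print ip
        }
    }'
}

# block_new FILE: append addresses from stdin that FILE does not already
# list, print one notification line per new entry, and reload the blacklist
# once if anything was added. REFRESH_CMD is an assumption of this example
# so the reload can be replaced during a dry run.
block_new() {
    added=0
    while read -r ip; do
        grep -qxF "$ip" "$1" 2>/dev/null && continue
        echo "$ip" >> "$1"
        added=$((added + 1))
        echo "blacklisted $ip"
    done
    if [ "$added" -gt 0 ]; then
        ${REFRESH_CMD:-shorewall refresh}
    fi
    return 0
}

# Typical use (the alert path is an assumption; adjust to your setup):
#   extract_sources 192.168.1. < /var/log/snort/alert | block_new /etc/shorewall/blacklist
# Pipe the output to mail(1) or logger(1) to get the notification.
```

Run it from cron or after log rotation; because entries already in the blacklist are skipped, repeated runs over the same alert file do not grow the list or trigger needless refreshes.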