[Snort-devel] Country Block functionality in pre-processor
mehmasarja at ...2499...
Mon Feb 28 21:40:03 EST 2011
Been running both country block and snort for the past few months and
have one observation. Searched lists for similar discussion and did not
find any. From what little I understand, the pre-processor rules are
like a scouting party sent out by the military. Their job is to report
on the approaching enemy.
I am seeing one of the countries blocked being marked by the
pre-processor and if true, have this one suggestion. If user selected
to-block countries are somehow implemented in the pre-processors and
requests from those IPs are dropped, it will free up firewall resources.
In my case, I am blocking all but 4 countries for my home setup. Imagine
the resource savings if snort does not have to hassle with 98% of the
IPs trying to come in.
More information about the Snort-devel