[Snort-users] what to do with dynamic ip hosts

Robert Buckley ipchains at ...549...
Mon Oct 2 09:49:37 EDT 2000


Hello

I dont have a dynamic ip, but I thought if I did, here is how I would approach it,....



#!/bin/sh
current_ip=`ifconfig -a | grep inet | cut -f2 -d " " | head -n 1`;
if [ ! -e "savedsnortip" ]; then
    printf "$current_ip" > savedsnortip
    old_ip=$current_ip
else
    old_ip=`cat savedsnortip`
fi
printf "$current_ip" > savedsnortip

# EDIT THIS TO MATCH YOUR RULES NAME
# AND REPLACE 32 WITH YOUR NETWORK CLASS
perl -p -i -e 's/$old_ip\/32/$current_ip\/32/' 0727kany.rules
printf "Current ip loaded, launching snort...\n"
snort -d -c 0727kany.rules &

exit 0



Fyodor wrote:

> ~ :Hello,
> ~ : I am going to run snort on my firewall that is hooked up to a cable
> ~ :connection. I am trying to use the rule set you can create on the web page. But
> ~ :it needs the ip of the computer it is on. My ip changes due to the dhcp lease.
> ~ :Is there a way to have it listen to interface eth0 instead of the ip address of
> ~ :eth0?
> ~ :
>
> What I think you mean it to set IP address of eth0 to $HOMENET variable
> instead of giving address explictly, right?
>
> On the moment we dont support this feature, but there were a couple of
> scripts posted to the list while ago, which allow you to run snort when
> your IP address changes dinamically.
>
> However I was thinking here, we can retrive ip address and netmask of the
> interface, which you run snort on, during startup (I don't see if there's
> any way to detect interface IP address change during runtime), so what I
> think we can do is introducing some global variable
> (INTERFACE_ADDRESS?) which would be initialized to an IP address and
> netmask at startup time, so you could put something like:
>
> var HOMENET $INTERFACE_ADDRESS
>
> into your snort-lib file.. Any thoughts?
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users




More information about the Snort-users mailing list