[Snort-users] Question about Alerts

Joe Giles jgiles at ...6534...
Mon Oct 28 09:38:01 EST 2002


I think I have seen this question before, but I'll ask again. Is there
any way to incorporate Snort with IPTABLES in order to drop selected IPs
that generate an alert?

Example:
I get a KLEZ incoming alert. I would like to have that passed to
IPTABLES to DROP that IP address long enough to not allow the virus to
get transferred, then reopen the IP till the next alert. Or something
along those lines...

Thoughts?

Thanks

Joe
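
The alert-to-firewall flow asked about above, as an added example that is not part of the original message: it parses alert lines in Snort's fast-alert layout and builds (without running) the iptables commands that insert and later delete a DROP rule for the alerting source. The sample lines, the never-block range, the 300-second hold and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample lines in Snort's fast-alert layout (not from the post).
SAMPLE_ALERTS = [
    "10/28-09:38:01.104212  [**] [1:1000001:1] KLEZ incoming [**] [Classification: Misc activity] [Priority: 3] {TCP} 203.0.113.25:3312 -> 192.0.2.10:25",
    "10/28-09:38:04.551901  [**] [1:1000002:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.7 -> 192.0.2.10",
    "10/28-09:38:09.000417  [**] [1:1000001:1] KLEZ incoming [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.1:4410 -> 192.0.2.10:25",
]

ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:\d+:\d+\] (?P<msg>.+?) \[\*\*\].*"
    r"\{\w+\} (?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? -> ")

def parse_alert(line):
    """Return (message, source address), or None if the line is not a usable alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        return m.group("msg"), ipaddress.ip_address(m.group("src"))
    except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an address
        return None

def plan_blocks(lines, trigger, never_block, now, hold_seconds):
    """Map each offending source IP to the time its DROP rule should be removed."""
    nets = [ipaddress.ip_network(n) for n in never_block]
    expiry = {}
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None or trigger.lower() not in parsed[0].lower():
            continue
        # Source addresses can be spoofed: an alert must never block our own hosts.
        if any(parsed[1] in n for n in nets):
            continue
        expiry[str(parsed[1])] = now + hold_seconds  # a repeat alert extends the hold
    return expiry

def drop_rule(action, ip):
    """Build iptables argv only ("-I" inserts, "-D" deletes); running it needs root."""
    return ["iptables", action, "INPUT", "-s", ip, "-j", "DROP"]

def due_for_release(expiry, now):
    # Sources whose hold has run out and whose rule should now be deleted.
    return sorted(ip for ip, t in expiry.items() if t <= now)

if __name__ == "__main__":
    blocks = plan_blocks(SAMPLE_ALERTS, "klez", ["192.0.2.0/24"], now=0, hold_seconds=300)
    for ip in blocks:
        print(" ".join(drop_rule("-I", ip)), "# later:", " ".join(drop_rule("-D", ip)))
```

The never-block list matters because anyone able to send traffic that trips the rule with a forged source address could otherwise get an arbitrary host firewalled off.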






