[Snort-users] DROP connections?

/dev/null dev.null at ...6862...
Sat Apr 12 01:06:03 EDT 2003

I have snort running and love it.  It's running on a firewall/gateway
box.  I've read the FAQ and searched the web but can't seem to see an
already-invented way of doing this, but I think surely someone else has
it working already.

Right now when snort detects something (like nimda for example), I'd
like to do two things: (1) add the offending IP to my iptables DROP list
and (2) add the offending IP to a config file that is used to build the
iptables rules at bootup.  I have the script already, I just need a way
to have it triggered as soon as snort posts the alert.
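One way to wire this up, as an added example that is not from the original post: a POSIX shell script that follows snort's alert_fast output, pulls the source address out of each alert, appends it to a persistent blocklist file (replayed at boot by restore_blocklist) and inserts an iptables DROP rule once per address. The file paths, the allowlist and the sample alert line are constructed assumptions; the allowlist is there because a single alert from a spoofed or legitimate address (your own gateway, your DNS server) would otherwise cut that host off.

```sh
#!/bin/sh
# Added example: react to snort alert_fast lines by blocking the source address.
# Assumed (hypothetical) paths; the sample alert below is constructed, not a real event.
ALERT_FILE="${ALERT_FILE:-/var/log/snort/alert}"
BLOCKLIST="${BLOCKLIST:-/etc/snort-blocklist.txt}"   # re-read at boot by restore_blocklist
ALLOWLIST="${ALLOWLIST:-127.0.0.1 203.0.113.5}"       # hosts that must never be blocked
IPTABLES="${IPTABLES:-iptables}"
SAMPLE_ALERT='04/12-01:06:03.123456  [**] [1:1002:7] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3456 -> 203.0.113.5:80'

# Print the source IP of one alert_fast line (port stripped; ICMP lines carry no port).
alert_src_ip() {
    printf '%s\n' "$1" | awk -F' -> ' '/ -> / {
        n = split($1, a, " "); sub(/:[0-9]+$/, "", a[n]); print a[n] }'
}

# Append the IP to the persistent blocklist; returns 1 if it was already listed.
record_ip() {
    grep -qxF "$1" "$BLOCKLIST" 2>/dev/null && return 1
    printf '%s\n' "$1" >> "$BLOCKLIST"
}

# Validate, skip allowlisted hosts, record, then insert a DROP rule exactly once.
block_ip() {
    case "$1" in
        ""|*[!0-9.]*) return 2 ;;            # not a dotted quad: ignore
    esac
    for ok in $ALLOWLIST; do [ "$1" = "$ok" ] && return 3; done
    record_ip "$1" || return 1
    "$IPTABLES" -I INPUT -s "$1" -j DROP
}

# At boot: rebuild the DROP rules from the blocklist file.
restore_blocklist() {
    [ -f "$BLOCKLIST" ] || return 0
    while read -r ip; do "$IPTABLES" -I INPUT -s "$ip" -j DROP; done < "$BLOCKLIST"
}

# Follow the alert file and block each newly seen source as snort writes it.
watch_alerts() {
    tail -n 0 -f "$ALERT_FILE" | while read -r line; do
        ip=$(alert_src_ip "$line")
        [ -n "$ip" ] && block_ip "$ip"
    done
}
```

Run watch_alerts as root from a boot script after restore_blocklist; plain `tail -f` keeps following the old inode when snort's alert file is rotated, so restart the watcher on rotation (GNU `tail -F` does this for you).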


