[Snort-users] HELP: Configuring IPTABLES on SnortSam blocking agent
Rachmat Hidayat Al-Anshar
rachmat_hidayat_02 at ...131...
Sun Nov 18 03:19:15 EST 2007
Hi again guys,
I am a little confused by Fabrizio's statement
on how we set IPTABLES to make the snortsam agent
effectively block the bad IP address that has been delivered
by the snortsam output plugin on the snort machine.
/sbin/iptables -I FORWARD -i %s -s %s -j DROP
/sbin/iptables -I INPUT -i %s -s %s -j DROP
/sbin/iptables -D FORWARD -i %s -s %s -j DROP
/sbin/iptables -D INPUT -i %s -s %s -j DROP
-i = interface to block the bad ip address
-s = remote source ip address to be blocked
There is no problem at all with the "-i" switch; the thing that is bothering me
is the "-s" switch. How can I issue the bad IP address?
In fact, the snortsam output plugin on the snort machine just sends the "src" containing
the bad IP address that was detected by snort. We are talking about random
and dynamic IP addresses, aren't we?
So, what do you think, guys? What should I do?
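
An added illustration, not part of the original post and not SnortSam's own code: one way a blocking agent can fill the two `%s` placeholders at run time, once per block request, with its configured interface and the source address it was sent, checking both before they reach a command line. The names `build_block_cmd` and `valid_iface`, the validation rules and the sample values are assumptions.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Template from the post: first %s = interface, second %s = source IP. */
#define BLOCK_FMT "/sbin/iptables -I FORWARD -i %s -s %s -j DROP"

/* Hypothetical helper: accept only short interface names made of letters,
 * digits, '.', '_' and '-', so nothing shell-special reaches the command. */
static int valid_iface(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 15 || s[0] == '-')   /* IFNAMSIZ is 16 including NUL */
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && !strchr("._-", s[i]))
            return 0;
    return 1;
}

/* Hypothetical helper: build the command for one block request.
 * Returns 0 on success, -1 if a value is rejected or does not fit. */
int build_block_cmd(char *out, size_t outlen,
                    const char *iface, const char *src_ip)
{
    struct in_addr addr;
    char canon[INET_ADDRSTRLEN];

    if (!valid_iface(iface))
        return -1;
    /* inet_pton rejects anything that is not a dotted-quad IPv4 address;
     * inet_ntop then re-prints the address from the parsed bytes. */
    if (inet_pton(AF_INET, src_ip, &addr) != 1 ||
        !inet_ntop(AF_INET, &addr, canon, sizeof canon))
        return -1;

    int n = snprintf(out, outlen, BLOCK_FMT, iface, canon);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char cmd[128];
    /* Constructed sample values: eth0 and a documentation-range address. */
    if (build_block_cmd(cmd, sizeof cmd, "eth0", "192.0.2.44") == 0)
        puts(cmd);
    return 0;
}
```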