[Snort-users] Automatically block IP on firewall box from snort IDS
mlnospam at ...131...
Tue Sep 18 05:40:12 EDT 2012
I have a network configuration where I run snort separately on a dedicated Linux box and have therefore another OpenBSD box which is dedicated to the firewall task. Now because these two security tasks are not on the same physical machine I was wondering how can I automatically block on my OpenBSD firewall specific events which happens on my snort box?
For example, I see some brute force SSH login attemps to my network coming from a specific external IP. Here I would like to block that external IP on my OpenBSD firewall for let's say 1 hour. What would be the best solution to do that?
Thanks for your suggestions.
More information about the Snort-users