[Snort-users] Automatically block IP on firewall box from snort IDS

ML mail mlnospam at ...131...
Tue Sep 18 05:40:12 EDT 2012


I have a network configuration where I run snort separately on a dedicated Linux box and have therefore another OpenBSD box which is dedicated to the firewall task. Now because these two security tasks are not on the same physical machine I was wondering how I can automatically block on my OpenBSD firewall specific events which happen on my snort box?

For example, I see some brute force SSH login attempts to my network coming from a specific external IP. Here I would like to block that external IP on my OpenBSD firewall for let's say 1 hour. What would be the best solution to do that?

Thanks for your suggestions.

