Andri Siqueira wrote:
Hello guys,I want to integrate the snort with pf. I already receive the packets in snort with the pf header. Now I want to create a rule in pf and kill the connection if the snort say the packet is an attack. I thought to kill the connection with the option -k of the pfctl. But, I don't know how to create a rule for new connections. Could you help me??? Thanks, Andri.
check snort2pf - http://www.thinknerd.org/~ssc/wiki/doku.php?id=snort2pf
