Maybe you should try snort2pf from pkg?
Information for http://ftp.spline.de/pub/OpenBSD/5.0/packages/i386/snort2pf-4.5p0.tgz
Comment:
block "nasty" hosts with pf(4) based on Snort's rules
Description:
Snort2Pf is a small Perl daemon which greps Snort's alertfile and blocks
the "naughty" hosts for a given amount of time using pfctl.
Maintainer: The OpenBSD ports mailing-list <po...@openbsd.org>
WWW: http://sourceforge.net/projects/snort2pf/
---
Thanks,
Vadim Agarkov
On Tue, 3 Jan 2012 17:56:13 -0500, Bentley, Dain wrote:
ugh....that's what I thought.
I'm reading through some OSSEC docs right now and it seems pretty promising.
Having trouble finding anything about having it read from pflog.
________________________________________
From: Andres Genovez [andresgeno...@gmail.com]
Sent: Tuesday, January 03, 2012 3:04 PM
To: Bentley, Dain
Cc: misc@openbsd.org
Subject: Re: PF Snort tutorial
2012/1/3 Bentley, Dain <dbent...@nas.edu>
I've been looking around for a good tutorial on implementing snort with PF
and everything I see is old, does anyone know of or have implemented a
solution using an IDS/IPS with PF on the same box? If possible I'd like snort
or some other IDS inspect packets and have pf drop them based on the fact
they match certain signatures. Thanks in advance.
Implementing that is really a pain in the hell out......I did it on a 4.9, I
need to do it from sources, there is no complete tutorial, it works on 4.9,
not implemented with PF though...
Greetings...
--
Sincerely,
Andris Genovez Tobar / Technician
Elastix ECE - Linux LPI-1 - Novell CLA - Apple ACMT
http://www.puntonet.ec
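
The mechanism in the snort2pf package description quoted at the top of this thread (read Snort's alert file, then block the offending hosts with pfctl for a limited time), as an added Python sketch; it is not snort2pf's code and not from any poster in the thread. The table name, the never-block networks and the sample alert lines are constructed assumptions, and only IPv4 "fast" alert lines are handled.

```python
import ipaddress
import re

# Snort "fast" alert line, IPv4 only:
#   time [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\].*?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{\w+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s"
)
TABLE = "snort_block"  # assumed table name; pf.conf would need:
#   table <snort_block> persist
#   block in quick from <snort_block>
# Assumed never-block list: alert sources can be spoofed, so keep your own
# hosts out of the table no matter what the alert file says.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

def offenders(lines, max_priority=2):
    """Unique alert sources with priority <= max_priority (1 is most severe)."""
    found = []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > max_priority:
            continue
        try:
            ip = ipaddress.ip_address(m["src"])  # rejects e.g. 999.1.1.1
        except ValueError:
            continue
        if ip not in found and not any(ip in net for net in NEVER_BLOCK):
            found.append(ip)
    return found

def pfctl_commands(ips, ttl=3600):
    """argv lists (no shell): add each host, then expire entries older than ttl seconds."""
    cmds = [["pfctl", "-t", TABLE, "-T", "add", str(ip)] for ip in ips]
    cmds.append(["pfctl", "-t", TABLE, "-T", "expire", str(ttl)])
    return cmds

SAMPLE = [  # constructed alert lines using documentation address ranges
    "01/03-17:56:13.120000  [**] [1:1000001:1] constructed test rule [**] [Classification: Misc Attack] [Priority: 1] {TCP} 203.0.113.7:51514 -> 192.0.2.10:22",
    "01/03-17:56:14.000000  [**] [1:1000002:1] constructed ping rule [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10",
    "01/03-17:56:15.000000  [**] [1:1000001:1] constructed test rule [**] [Classification: Misc Attack] [Priority: 1] {TCP} 192.0.2.44:40000 -> 192.0.2.10:22",
    "01/03-17:56:16.000000  [**] [1:1000003:2] constructed udp rule [**] [Priority: 2] {UDP} 198.51.100.23:53 -> 192.0.2.10:5353",
]

if __name__ == "__main__":
    for argv in pfctl_commands(offenders(SAMPLE)):
        print(" ".join(argv))
```

The third sample line is skipped because its source sits inside the never-block network, and the second because its priority is below the threshold.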