On Tue, Sep 23, 2008 at 10:29, Glenn Kelley <[EMAIL PROTECTED]> wrote:
> sorry - did not mean to sound Ape-ish :-)
>
> I am pretty easy to get along with - or so I hope.

I was a tad harsh; I just think there are better ways to deal with spam and attackers than blanket deny rules for whole regions. Some admins, however, are [forced to be] in emergency mode and don't have the luxury of more esoteric solutions and need a right-now fix, in which case the approach would be more acceptable.

> I thought snort was in there as a package - but sure enough - it's not.
> Seems it dropped out.

My checks concur; maybe it'll re-enter with 1.3.

I think the ideal setup with SnortSAM would be to get a package for it rolled for pfSense; you then would need 'samtool' (not built by default when building SnortSAM) on your system that's centrally collecting the logs, and write a short shell script to use it and the logs to execute blocks. None of it really requires Snort anyway, just the [pretty simple] daemon running on pfSense, maybe a short configuration screen setting up secrets and what IPs can access it.

For those in a hurry, 'pkg_add -r snortsam' would get you a long way there.

RB
