Menu
▾
▴
Re: [Snort-inline-users] Blocking a IP for time period
|
From: Eric L. <er...@in...> - 2008-07-15 06:18:10
|
hello, On Tuesday, 2008 July 15 at 5:44:46 -0000, vishal_nitr wrote: > Hi All, I want to dynamically block an IP of attacker in snort-inline for certain period of time say 5 minutes. Is there any way to do this ? Is sticky-drop an option for it ? how do we use it for dynamic blocking because we don't know the IP of the attacker ?I will appreciate any kind of health. > This is not a snort_inline feature but you could use ipset (http://ipset.netfilter.org/) which is able to add IP to a list and reove them after some time. BR, -- Eric Leblond INL: http://www.inl.fr/ NuFW: http://www.nufw.org/ |
