A package of scripts to watch for snort alerts, change / create firewall rules to block high priority alerts, and record recent blocks. It will increase block times based on previously recorded blocks
Features
- Perl script
- Manages IPTABLES blocks based on priority 2 or higher Snort alerts
- Can be triggered by specially marked Snort custom messages, reversing source & target for blocking purposes
- Maintains an SQL database of recent attacks by address & increases block times based on number of attacks seen
License
BSD LicenseFollow Snort Reactor
You Might Also Like