[ previous ] [ next ] [ threads ]
 
 From:  JT <geocritter at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall + snort
 Date:  Mon, 23 May 2005 12:31:12 -0400
I'm not a Snort user (in the process of building my own IDS) but I
think I can help point you in the right direction.

You can send the correct form data to m0n0wall using 'curl' (or the
older 'wget') at the command line.

{command}
curl -F type=block -F interface=wan -F proto=tcp -u admin:secret
http://192.168.2.1/firewall_rules_edit.php
{/command}

This sends three of the form fields, it still needs the others which
can be found on the rule add page. After that, you still would have to
send another request to apply the rules.

If your using HTTPS then you will probably have to use the '-k'
switch. Unless you're using a certificate verified by Verisign.

Another possibility would be to create a modified
firewall_rules_edit.php file that accepts a lot less form data since
I'm assuming you want to block anything coming from a certain host.
curl would still need to be used though.

Hope it helps!


On 5/23/05, Vittore Zen <drzen at gamebox dot net> wrote:
> Hi,
> 
> someone have a script for m0n0wall that do a IP-ban when snort detect  x
> intrusions in a y time?
> Script goes in the snort machine :-) and send request to m0n0wall.
> 
> 
> 
> thx
> z.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>