[ previous ] [ next ] [ threads ]
 From:  Vittore Zen <drzen at gamebox dot net>
 To:  JT <geocritter at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall + snort
 Date:  Tue, 24 May 2005 16:17:59 +0200
In data 23/05/05 18.31 JT ha scritto:

>I'm not a Snort user (in the process of building my own IDS) but I
>think I can help point you in the right direction.
>You can send the correct form data to m0n0wall using 'curl' (or the
>older 'wget') at the command line.
>curl -F type=block -F interface=wan -F proto=tcp -u admin:secret
>This sends three of the form fields, it still needs the others which
>can be found on the rule add page. After that, you still would have to
>send another request to apply the rules.
>If your using HTTPS then you will probably have to use the '-k'
>switch. Unless you're using a certificate verified by Verisign.
>Another possibility would be to create a modified
>firewall_rules_edit.php file that accepts a lot less form data since
>I'm assuming you want to block anything coming from a certain host.
>curl would still need to be used though.
>Hope it helps!
Yes. It is my current direction (with wget). I'm looking for a pre-made 
script :-) so I can modify, test, check it...
(the script must remember his action so after a Z time reset the rules)

Thanks for your hints.