[ previous ] [ next ] [ threads ]
 
 From:  Vittore Zen <drzen at gamebox dot net>
 To:  JT <geocritter at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall + snort
 Date:  Tue, 24 May 2005 16:17:59 +0200
In data 23/05/05 18.31 JT ha scritto:

>I'm not a Snort user (in the process of building my own IDS) but I
>think I can help point you in the right direction.
>
>You can send the correct form data to m0n0wall using 'curl' (or the
>older 'wget') at the command line.
>
>{command}
>curl -F type=block -F interface=wan -F proto=tcp -u admin:secret
>http://192.168.2.1/firewall_rules_edit.php
>{/command}
>
>This sends three of the form fields, it still needs the others which
>can be found on the rule add page. After that, you still would have to
>send another request to apply the rules.
>
>If your using HTTPS then you will probably have to use the '-k'
>switch. Unless you're using a certificate verified by Verisign.
>
>Another possibility would be to create a modified
>firewall_rules_edit.php file that accepts a lot less form data since
>I'm assuming you want to block anything coming from a certain host.
>curl would still need to be used though.
>
>Hope it helps!
>
>  
>
Yes. It is my current direction (with wget). I'm looking for a pre-made 
script :-) so I can modify, test, check it...
(the script must remember his action so after a Z time reset the rules)

Thanks for your hints.
v.