In data 23/05/05 18.31 JT ha scritto:
>I'm not a Snort user (in the process of building my own IDS) but I
>think I can help point you in the right direction.
>You can send the correct form data to m0n0wall using 'curl' (or the
>older 'wget') at the command line.
>curl -F type=block -F interface=wan -F proto=tcp -u admin:secret
>This sends three of the form fields, it still needs the others which
>can be found on the rule add page. After that, you still would have to
>send another request to apply the rules.
>If your using HTTPS then you will probably have to use the '-k'
>switch. Unless you're using a certificate verified by Verisign.
>Another possibility would be to create a modified
>firewall_rules_edit.php file that accepts a lot less form data since
>I'm assuming you want to block anything coming from a certain host.
>curl would still need to be used though.
>Hope it helps!
Yes. It is my current direction (with wget). I'm looking for a pre-made
script :-) so I can modify, test, check it...
(the script must remember his action so after a Z time reset the rules)
Thanks for your hints.