[Oisf-users] using suricata as IPS under openbsd

C. L. Martinez carlopmart at gmail.com
Wed Dec 4 07:19:29 UTC 2013


On Tue, Dec 3, 2013 at 9:28 PM, Shirkdog <shirkdog at gmail.com> wrote:
> The divert function provides an IPS mechanism. For OpenBSD/FreeBSD,
> using divert sockets will send the packet to the configured port,
> where an IPS can evaluate the traffic and drop it. Otherwise, the
> firewall will continue to process the packet. This requires you to
> change your ruleset to "drop" instead of "alert".
>
> What I do not know is whether using divert-to in pf and Snort will
> function the same as it does on FreeBSD with ipfw and Snort.
> ---
> Michael Shirk
>
>

Thanks Michael ... I will try with FreeBSD 10 RC1 (when it becomes
available) first to see how it goes ...

Many thanks to all.


