Snort, SnortSam & Oinkmaster

energy · Aug 22, 2006, 5:35 PM

Hi I'm new to this forum and allso new with pfSense, what I like from pfSense is that it runs on FreeBSD with OpenBSD Packet Filter but there is 1 thing what I'm missing. My question is how do you guys think about it to make the follow packages available for pfSense?

1. Snort - http://www.snort.org/

Snort is an open source network intrusion prevention and detection system

2. SnortSam - http://www.snortsam.net/

SnortSam is a plugin for Snort, an open-source light-weight Intrusion Detection System (IDS). The plugin allows for automated blocking of IP addresses on following firewalls

3. Oinkmaster - http://oinkmaster.sourceforge.net/

Oinkmaster is a script that will help you update and manage your Snort rules

Tell me how you guys think about it? I think it will be great 8)

sullrich · Aug 22, 2006, 5:45 PM

Go for it.

energy · Aug 22, 2006, 7:53 PM

@sullrich:

Go for it.

I'm very n00b I d0nt kn0w h0wt0 ??? can u please make it for the people?

sullrich · Aug 22, 2006, 7:58 PM

I have no interest in these packages but someone else can step up to the plate if they are wanting to.

You may want to post a bounty depending on how badly you want these.

hoba · Aug 22, 2006, 8:12 PM

If you are interested in this go to the bounty section and offer some money there. Atm none of the devs are interested in adding a snort package and are heavily busy with other stuff. Also a package doesn't have to be done by one of the coredevs. Others might be interested to pick up that work too if you put a bounty on it.

energy · Aug 23, 2006, 6:37 AM

@sullrich:

I have no interest in these packages but someone else can step up to the plate if they are wanting to.

You may want to post a bounty depending on how badly you want these.

Why no interest? it only adds a extra security layer of protection to your firewall and alot of people will like it and can make pfSense more poplair. I think either its not hard to compile it for community, maybe u can explain me howto? thanks.

hoba · Aug 23, 2006, 6:47 AM

We have a lot of other plans in the pipe that have to be developed. A snort package is NOT a priority or on any todo list right now. Either emphasis your demand with a bounty or try to make your way through the code and implement it yourself and commit your work when it's done. You'll find everything that is needed in the cvs archives at pfsense.com.

sullrich · Aug 23, 2006, 3:16 PM

@energy:

Why no interest? it only adds a extra security layer of protection to your firewall and alot of people will like it and can make pfSense more poplair. I think either its not hard to compile it for community, maybe u can explain me howto? thanks.

Because time does not grow on trees.

energy · Aug 24, 2006, 11:58 AM

@sullrich:

@energy:

Why no interest? it only adds a extra security layer of protection to your firewall and alot of people will like it and can make pfSense more poplair. I think either its not hard to compile it for community, maybe u can explain me howto? thanks.

Because time does not grow on trees.

Ok, I got your point, but how much (minutes/hours) do you think does it take to compile these packages for pfSense?

sullrich · Aug 24, 2006, 2:00 PM

Its much more work beyond simply compiling the pacakges. GUIS would need to be created, etc. I really don't know how long it would take but a complete guess would be a good 2 weeks for a good squid GUI alone.

querdenker · Aug 25, 2006, 2:46 PM

Just a note

Imho it is easier to operate an IDS on an external device!

marcus