Emerging Threats Firewall Rules

  • Anyone have any thoughts on how to set up a cron job to auto update these into a rules alias or even individual firewall rules?

    I currently have a cron job set up that uploads the snort rules and drops from them, but I figure having actual firewall rules would work better for this though.



  • Oh... this looks interesting. I too would be interested in knowing how to apply these rules in pfSense.

  • What if somebody hacks that stuff and opens all your ports via the cron job?

  • I'm not too worried about that. I have other ways of watching what gets updated there (via oinkmaster on some of the inline snort boxes at work). The worst case scenario is that a non-malicious IP address gets added to the block list. That usually isn't too huge of a problem either.

  • You can write a package for that; it is very easy in this case.

  • @ermal:

    You can write a package for that; it is very easy in this case.

    Do you mean with snort and the rule upload or do you mean with just simple blocking based on the IP lists?

    I have been trying to figure out a simple way to block them completely bypassing the web GUI without messing anything up. (Something similar to the iptables scripts that they already have there.)

  • Just the list of IPs with a script to check them.
    In 2.0 there would be a possibility to do this. Not sure of the time frame, but it will be there in the base system through aliases.

  • This would be an excellent feature, to have it automatically update and block a list of IP addresses.
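
Added example, not part of the thread and not pfSense code: one way to write the "script to check them" so that a tampered or truncated download cannot turn into anything other than a bounded list of addresses to block. The policy limits, the protected networks and the sample feed are assumptions constructed for the illustration.

```python
import ipaddress

# Policy values below are assumptions for this example, not from the thread.
MIN_PREFIX = 16          # refuse entries broader than a /16
MAX_ENTRIES = 50000      # refuse an implausibly large feed
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "203.0.113.10/32",   # constructed: stands in for a management host
)]

def check_entry(line):
    """Return (network, None) if the entry is acceptable, else (None, reason)."""
    try:
        net = ipaddress.ip_network(line, strict=False)
    except ValueError:
        return None, "not an IP address or CIDR"
    if net.version != 4:
        return None, "IPv6 not expected in this feed"
    if net.prefixlen < MIN_PREFIX:
        return None, "prefix too broad"
    if any(net.overlaps(p) for p in NEVER_BLOCK):
        return None, "overlaps a protected network"
    return net, None

def validate_feed(text):
    """Split a downloaded list into accepted networks and rejected lines."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        net, reason = check_entry(line)
        if net is None:
            rejected.append((line, reason))
        else:
            accepted.append(net)
    # Merge duplicates and nested ranges so the resulting table stays small.
    return list(ipaddress.collapse_addresses(accepted)), rejected

def render_table(text):
    """Return one-entry-per-line table contents, or None to keep the old table."""
    accepted, _ = validate_feed(text)
    if not 0 < len(accepted) <= MAX_ENTRIES:
        return None   # empty or oversized feed: do not replace anything
    return "".join(f"{net}\n" for net in accepted)

# Constructed sample feed (documentation ranges), not real indicators.
SAMPLE = ("198.51.100.7\n198.51.100.0/24\n192.0.2.44\n0.0.0.0/0\n"
          "192.168.1.1\n203.0.113.0/24\npass in quick all\n")
```

Because the output is only ever a list of addresses referenced by a block rule, the cron job has no path to adding pass rules; logging the rejected lines from `validate_feed` gives a cheap signal that the upstream list has changed in an unexpected way.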