    Emerging Threats Firewall Rules

      r3dn3ck last edited by

      Anyone have any thoughts on how to set up a cron job to auto update these into a rules alias or even individual firewall rules?

      I currently have a cron job set up that uploads the snort rules and drops from them, but I figure having actual firewall rules would work better for this though.

      http://emergingthreats.net/fwrules/

      Thanks,
      Matt

        jits last edited by

        Oh, this looks interesting. I too would be interested in knowing how to apply these rules in pfSense.

          Monoecus last edited by

          What if somebody hacks that stuff and opens all your ports via the cron job?

            r3dn3ck last edited by

            I'm not too worried about that. I have other ways of watching what gets updated there (via oinkmaster on some of the inline snort boxes at work). The worst case scenario is that a non-malicious IP address gets added to the block list. That usually isn't too huge of a problem either.

              eri-- last edited by

              You can write a package for that; it is very easy in this case.

                r3dn3ck last edited by

                @ermal:

                You can write a package for that; it is very easy in this case.

                Do you mean with snort and the rule upload or do you mean with just simple blocking based on the IP lists?

                I have been trying to figure out a simple way to block them completely bypassing the web GUI without messing anything up. (Something similar to the iptables scripts that they already have there.)

                  eri-- last edited by

                  Just the list of IPs with a script to check them.
                  In 2.0 there would be a possibility to do this. Not sure of the time frame, but it will be there in the base system through aliases.

                    grandrivers last edited by

                    This would be an excellent feature, to have it automatically update and block a list of IP addresses.

                    pfSense 2.4 Supermicro A1SRM-2558F
                    C2558 8gig ECC  60gig SSD
                    triple WAN dual PPPoE
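
The "list of IPs with a script to check them" idea from the thread, sketched as an added example that is not part of any post or of pfSense itself: a cron job would run the fetched list through these checks before loading it into a block alias, so a tampered or broken feed is rejected instead of applied. The file format (one IPv4 address or CIDR per line, `#` comments), the function names and the policy values are assumptions.

```python
import ipaddress

# Assumed policy values, not taken from the thread; tune them for your site.
MIN_PREFIX = 8        # reject anything broader than a /8 (e.g. 0.0.0.0/0)
MAX_ENTRIES = 50000   # reject a list that is implausibly large
MAX_CHURN = 0.5       # reject if more than half the old entries vanish at once
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_blocklist(text):
    """Parse one-entry-per-line text into a set of IPv4 networks, or raise ValueError."""
    nets = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad entry {entry!r}") from exc
        if net.prefixlen < MIN_PREFIX:
            raise ValueError(f"line {lineno}: {net} is too broad")
        if any(net.overlaps(p) for p in PROTECTED):
            raise ValueError(f"line {lineno}: {net} overlaps a protected network")
        nets.add(net)
    if not nets or len(nets) > MAX_ENTRIES:
        raise ValueError(f"implausible entry count: {len(nets)}")
    return nets

def accept_update(new_text, old_nets=frozenset()):
    """Return sorted table lines to load, or raise ValueError so the old list stays."""
    new_nets = parse_blocklist(new_text)
    if old_nets:
        lost = len(old_nets - new_nets) / len(old_nets)
        if lost > MAX_CHURN:
            raise ValueError(f"{lost:.0%} of existing entries removed in one update")
    return [str(n) for n in sorted(new_nets)]

# Constructed sample feed (documentation address ranges, not real indicators).
SAMPLE = """# constructed sample
192.0.2.10
198.51.100.0/24   # trailing comment
203.0.113.7
"""

if __name__ == "__main__":
    print("\n".join(accept_update(SAMPLE)))
```

On `ValueError` the cron job should leave the currently loaded list untouched and report the failure rather than load a partial result.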