How to unblock IP on pfSense+Snort using API or command line ?
-
Hello,
I need to create one way that I fill the blocked IP into one form on my NOC system and this IP need to be unblocked on Snort that running on pfSense.
I'm not found the documentation about pfSense + Snort API or command line
do you know how I can do this ?
very thanks,
Rodrigo -
Yes, you can do this via a simple script using the
pfctl
utility. It will be up to you to figure out how to make it work in your NOC setup.This is the command line to execute:
/sbin/pfctl -t snort2c -T delete {$ip}
where you replace
{$ip}
with the actual IP address you want removed. So assuming I wanted to "unblock" 10.10.1.1, I would execute:/sbin/pfctl -t snort2c -T delete 10.10.1.1
Snort blocks by putting IP addresses into a predefined
pf
table called snort2c. You can list all of the IP addresses currently stored in that table, and thus get a list of currently "blocked" IPs, using this command:/sbin/pfctl -t snort2c -T show
-
@bmeeks perfect, very very very thanks