5. Snort Blocking Hosts 5 minutes

Snort Blocking Hosts 5 minutes

  • R

    Hello we are using Snort to block offending hosts.
    However the shortest time I could set to Remove the blocked hosts from the snort2c table is 1 hour.
    I would like to set this to 5 minutes.
    I have tried to edit the /conf/config.xml to set <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 300 snort2c.
    But this get's overwritten after a reboot.

    I tried to edit /etc/crontab
    */5 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 300 snort2c
    This also get's overwritten by a reboot and also after a reload of Snort.

    I tried to set this line in the root crontab with crontab -e.
    The task get's executed but the command doesn't work.

    Can anyone please tell me how to do this?
    Thank you

    0
  • P

    If you want to add a cron job that survives a reboot, then install the cron package - that lets you add and edit crontab jobs from the GUI, and saves them in the config, and they are regenerated at boot time.

    0
  • R

    Thank you very much, this indeed works very well.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy