Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort Blocking Hosts 5 minutes

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    3 Posts 2 Posters 880 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      RvdL
      last edited by

      Hello we are using Snort to block offending hosts.
      However the shortest time I could set to Remove the blocked hosts from the snort2c table is 1 hour.
      I would like to set this to 5 minutes.
      I have tried to edit the /conf/config.xml to set <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 300 snort2c.
      But this get's overwritten after a reboot.

      I tried to edit /etc/crontab
      */5 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 300 snort2c
      This also get's overwritten by a reboot and also after a reload of Snort.

      I tried to set this line in the root crontab with crontab -e.
      The task get's executed but the command doesn't work.

      Can anyone please tell me how to do this?
      Thank you

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        If you want to add a cron job that survives a reboot, then install the cron package - that lets you add and edit crontab jobs from the GUI, and saves them in the config, and they are regenerated at boot time.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • R
          RvdL
          last edited by

          Thank you very much, this indeed works very well.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.