Question on Snort IP REP
-
Looking at the IP Rep option I see where you can add list…
Question: It seems the list are stored locally and not pulled from a site (like PFBlocker)
Is this the norm or will added feature be coming latter to pull list from web and do scheduled updates like PFBlocker?
If I understand correctly, IP Rep “could” replace PBBlocker at some point? (or am I wrong?)
Thanks for your help and hard work on Snort (and Suricta)vito
-
Looking at the IP Rep option I see where you can add list…
Question: It seems the list are stored locally and not pulled from a site (like PFBlocker)
Is this the norm or will added feature be coming latter to pull list from web and do scheduled updates like PFBlocker?
If I understand correctly, IP Rep “could” replace PBBlocker at some point? (or am I wrong?)
Thanks for your help and hard work on Snort (and Suricta)vito
You are correct that, at the moment, the lists are static and stored locally. I think some users have created their own cron jobs and associated scripts to download updates and write them to the directory.
For now, if a list is updated, Snort needs to be restarted in order to pick it up. I am investigating some other options for the future.
Bill
