Question on Snort IP REP



  • Looking at the IP Rep option I see where you can add lists…
    Question: It seems the lists are stored locally and not pulled from a site (like PFBlocker)
    Is this the norm or will an added feature be coming later to pull lists from the web and do scheduled updates like PFBlocker?
    If I understand correctly, IP Rep “could” replace PFBlocker at some point? (or am I wrong?)
    Thanks for your help and hard work on Snort (and Suricata)

    vito



  • @vito:

    Looking at the IP Rep option I see where you can add lists…
    Question: It seems the lists are stored locally and not pulled from a site (like PFBlocker)
    Is this the norm or will an added feature be coming later to pull lists from the web and do scheduled updates like PFBlocker?
    If I understand correctly, IP Rep “could” replace PFBlocker at some point? (or am I wrong?)
    Thanks for your help and hard work on Snort (and Suricata)

    vito

    You are correct that, at the moment, the lists are static and stored locally.  I think some users have created their own cron jobs and associated scripts to download updates and write them to the directory.

    For now, if a list is updated, Snort needs to be restarted in order to pick it up.  I am investigating some other options for the future.

    Bill
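
The cron-driven update mentioned in the reply above, as an added example that is not part of the thread or of the Snort package: it validates a downloaded list, replaces the local file atomically, and restarts Snort only when the content changed. `LIST_URL`, `LIST_FILE` and `RESTART_CMD` are placeholders, and the availability of `curl` on the firewall is an assumption.

```shell
#!/bin/sh
# Placeholders (assumptions, not values from the thread): set these for your system.
LIST_URL="${LIST_URL:-https://lists.example.invalid/blocklist.txt}"
LIST_FILE="${LIST_FILE:-/path/to/iprep/blocklist.txt}"
RESTART_CMD="${RESTART_CMD:-echo restart-snort-placeholder}"

# Print only well-formed IPv4 addresses/CIDR blocks from file $1 (IPv4 only in
# this example); comments, blank lines, CRs, duplicates and junk are dropped.
clean_list() {
    sed -e 's/[#;].*$//' -e 's/[[:space:]]//g' "$1" |
    awk -F'[./]' '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
        if ($1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 &&
            (NF == 4 || $5 <= 32)) print
    }' | LC_ALL=C sort -u
}

# update_list SRC DEST [MIN_ENTRIES]
# Returns 0 if DEST was replaced (restart needed), 1 if unchanged,
# 2 if the input was rejected and the old list kept.
update_list() {
    src=$1 dest=$2 min=${3:-1}
    tmp="$dest.new.$$"
    clean_list "$src" > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -lt "$min" ]; then      # empty or truncated download
        rm -f "$tmp"; return 2
    fi
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$dest"                     # same-directory rename is atomic
}

# Download, validate, install, and restart only when the list really changed.
refresh() {
    dl=$(mktemp) || return 2
    if curl -fsS --max-time 60 -o "$dl" "$LIST_URL" &&
       update_list "$dl" "$LIST_FILE" 10; then
        $RESTART_CMD
    fi
    rm -f "$dl"
}

# Run from cron as: script.sh --run
if [ "${1:-}" = "--run" ]; then refresh; fi
```

The minimum-entry check keeps a failed or truncated download from silently emptying the block list, and skipping the restart on an unchanged list avoids needless inspection gaps.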