Blocked hosts from Snort



  • Does the snort package create an alias or anything for hosts currently in the blocked list? Or is it located somewhere?

    I would like to setup a firewall rule to redirect internal blocked hosts to a website indicating why they have been blocked and to contact an IT member.

    Cheers


  • Moderator

    Snort and Suricata populate the "snort2c" file which can be seen in the Table Viewer in Diagnostics I believe.



  • How do you reference these tables in firewall rules. Some of them are aliases which is ok, but the others are not like snort2c.

    Is there an easy way to get say squidguard to read the snort2c table and redirect any hosts to an error page?


Log in to reply