Snort auto-update whitelist with dynamic WAN gateway?
-
Hello,
The subject line pretty much sums up my question. Our WAN gateway is dynamic, so I'm wondering if Snort will automatically update it in the whitelist when it changes.
Cheers
-
I recently added new code to both the Snort and Suricata custom blocking plugins so that an interface IP-change monitoring thread is launched when the binary is started. The thread subscribes to FreeBSD kernel routing table messages. When a firewall locally-connected interface IP changes, the old IP is removed from the auto-whitelist and the new IP is inserted. I need to look again, but I don't think I was looking for and pulling out the gateway address changes. If not, perhaps I can add that option to the new auto-whitelist feature.
Bill
-
Wonderful. Thank you, Bill. That would be very helpful.