Feature #3768
closed
Snort IPS/IDS
0%
Description
Hello Everyone,
I would like ask add timer (in minutes) for blocked IP in snort.
That timer will drop the drop rule after mention amount of time in minutes.
This will allow minimize attempts block good traffic and false positive as well.
Example:
Where in webui check mark for "Checking this option will ....." add another small text box which will be possible specify for how long offender will be blocked in minutes.
Thank you in advance.
Updated by Bill Meeks over 9 years ago
This feature already exists in the Snort package, but the setting is global and is located on the GLOBAL SETTINGS tab. Near the bottom of that page in the General Settings section is a drop-down selector for "Remove Blocked Hosts Interval". This settings controls a cron job which removes blocked IPs from the packet filter table.
So blocking the IP of offenders is enabled/disabled on a per-interface basis, but the clearing of blocked hosts interval is a global setting affecting all interfaces.
Updated by