Quote:
Originally Posted by Peter_APIIT
General protection. I don't have any web server, database server not ftp or sshd.
|
So basically, it sounds like the packets that would trigger snort alerts would have been blocked by pf anyway. Perhaps an alternative is the pf overload <table> statement, which allows you to automatically block certain IP:s, without the added effort and security risks of running snort on your external interface(s).