
[ossec-list] Firewall active response



Hi, folks.

Even though I've been using O-H for a while now, I still think I have this 
screwed up:  I want to use the firewall active response.  However, it doesn't 
seem to be working.  My firewall is on a different box from the O-H server.  
Here's the directive I have in my ossec.conf file:

  <active-response>
    <!-- Firewall Drop response. Block the IP for
       - 600 seconds on the firewall (iptables,
       - ipfilter, etc).
      -->
    <command>firewall-drop</command>
    <location>defined-agent</location>
    <agent_id>004</agent_id>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>

Would someone be kind enough to give me a hand to make this work?

Many thanks.

Dimitri

OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.