Snort mailing list archives

HELP: Configuring IPTABLES on SnortSam blocking agent


From: Rachmat Hidayat Al-Anshar <rachmat_hidayat_02 () yahoo com>
Date: Sun, 18 Nov 2007 00:19:15 -0800 (PST)

Hi again guys,

I am a little confused by Fabrizio's statement
on how we set up IPTABLES to make the SnortSam agent
effectively block the bad IP addresses that have been delivered
by the SnortSam output plugin on the Snort machine.

BLOCK COMMAND:
/sbin/iptables -I FORWARD -i %s  -s %s -j DROP
/sbin/iptables -I INPUT -i %s  -s %s -j DROP

UNBLOCK COMMAND:
/sbin/iptables -D FORWARD -i %s  -s %s -j DROP
/sbin/iptables -D INPUT -i %s  -s %s -j DROP


note:
-i  = interface to block the bad ip address
-s = remote source ip address to be blocked

There is no problem at all with the "-i" switch; the thing that is bothering me
is the "-s" switch. How can I issue the bad IP address?
In fact, the SnortSam output plugin on the Snort machine just sends the "src" containing
the bad IP address that was detected by Snort. We are talking about random
and dynamic IP addresses, aren't we?

So, what do you think, guys? What should I do?
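
Added example (not part of the original post and not SnortSam's own code): a shell sketch of how a blocking agent could fill the two %s placeholders in the commands above at block time, assuming the interface comes from the agent's local configuration and the source address arrives in the sensor's block request. The function names, the validation rules and the sample address 203.0.113.7 are assumptions made for this illustration; the script only prints the commands and never runs iptables.

```sh
#!/bin/sh
# Illustrative sketch only: fills the page's command templates with a
# validated interface name and IPv4 address, then prints the result.

# Accept only a dotted quad whose four octets are each 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Accept only characters that can appear in an interface name, and
# refuse a leading "-" so the value cannot be read as an option.
is_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._:-]*) return 1 ;;
    esac
}

# usage: render_rules block|unblock IFACE SRC_IP
# Prints one command per chain, mirroring the BLOCK/UNBLOCK templates.
render_rules() {
    case "$1" in
        block)   op=-I ;;
        unblock) op=-D ;;
        *)       return 2 ;;
    esac
    is_iface "$2" || return 1
    is_ipv4 "$3"  || return 1
    for chain in FORWARD INPUT; do
        printf '/sbin/iptables %s %s -i %s -s %s -j DROP\n' \
            "$op" "$chain" "$2" "$3"
    done
}

# Constructed sample: block request for 203.0.113.7 seen on eth0.
render_rules block eth0 203.0.113.7
```

Because the address is taken from a network message and ends up on a command line, the validation step matters as much as the substitution itself.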



