scripting for snort/guardian interaction with ipfilter

["Nathan Whitehouse" <nwhitehouse () compendiumusa net>]

HI everyone.
Got a little question.
I'm trying to write a script to use with my snort/guardian setup to
dynamically add rules to my ipfilter rules set on the fly.
I downloaded a script from the guardian website that should work but as far
as I can tell it dose not.
This is something like what I'm thinking of.
#!/bin/sh
source=$1
interface=$2
loglevel="local7.alert"
options=""
echo "ipf -P @1 block in log $option level $loglevel quick on $interface
from $source to any"
(I don't have much experience in writing shell scripts)
the original looks as such.
#!/bin/sh
source=$1
interface=$2
loglevel="local7.alert"
options=""
echo "block in log $options level $loglevel quick on $interface from $source
to any" | /sbin/ipf -f -
The script is called as such.
'/usr/local/bin/guardian_block.sh 10.10.10.10 fxp0'

Basically I need to add the new rule to the top of the IPFILTER rules list
from the command line.

Any help would be grate.

Thanks


Nathan Whitehouse
Network Operations & Systems Administrator
CompEndium Services Inc.
Main 877-709-2667
Local 678-985-5678
Direct 770-822-6697



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.408 / Virus Database: 230 - Release Date: 10/24/2002




-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in
Las Vegas (supported by COMDEX), the only Apache event to be
fully supported by the ASF. http://www.apachecon.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users