Snort mailing list archives

Country Block functionality in pre-processor


From: Mehma Sarja <mehmasarja () gmail com>
Date: Mon, 28 Feb 2011 18:40:03 -0800

Been running both country block and snort for the past few months and 
have one observation. Searched lists for similar discussion and did not 
find any. From what little I understand, the pre-processor rules are 
like a scouting party sent out by the military. Their job is to report 
on the approaching enemy.

I am seeing one of the countries blocked being marked by the 
pre-processor and, if true, have this one suggestion. If user-selected 
to-block countries are somehow implemented in the pre-processors and 
requests from those IPs are dropped, it will free up firewall resources. 
In my case, I am blocking all but 4 countries for my home setup. Imagine 
the resource savings if snort does not have to hassle with 98% of the 
IPs trying to come in.

Mehma

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

