[Bro] Flow blocking with iptables from Bro

Seth Hall seth at icir.org
Mon Jul 1 07:46:34 PDT 2013

On Jun 30, 2013, at 9:23 PM, Kamran Khan <krkhan at inspirated.com> wrote:

> To anyone who might be interested I've posted a Bro module along with instructions for blocking traffic flows with a timeout (using iptables and bash):
> http://inspirated.com/2013/07/01/blocking-traffic-flows-selectively-with-a-timeout-from-bro-ids

Cool!  Nice to see that people are moving forward with trying to make standardized interfaces for this stuff.  

It's actually similar to part of the Reaction framework that I have a bit of work done on.  We've been waiting on a few extra features to get into Bro first though.  Are you planning on doing any additional work on this?  We're always willing to prod people in the right direction if they're interested in working on Bro more closely.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list