# cd /usr/ports/security/ossec-hids-server # make install clean # rehash
Enable active response firewall-drop. OSSEC detects whatever firewall you use and installs the appropriate active-response/bin/firewall-drop.sh script.
If the script uses pf additional setup is needed: create ossec_fwtable table and block all traffic from hosts of this table. Just like in my PF example.
Add to /etc/rc.conf:
# Enable OSSEC ossechids_enable="YES"
# chmod -R ug+w /usr/local/ossec-hids
# service ossec-hids start