Spoink is an output plugin for snort that works by
blocking access to attackers using OpenBSD's pf
API. Spoink uses a pf table and a blocking rule to
stop "attackers" from accessing your system. To
protect from false negatives you must have a
whitelist full of IP addresses. It only blocks
attacks defined in snort rules.