Honeypots mailing list archives
rc.firewall script questions
From: <kathya6200 () yahoo com>
Date: 19 Jun 2003 13:47:06 -0000
I have a few questions about the rc.firewall script - on the sebek logging section - if set to 'yes', I understand that the dst_ip's will be dropped, but am assuming that sebek packets are still captured at the honeywall. Also, would 'outside the honeynet' include the 'production' systems in your Figure A?

2) The section titled "VARIABLES THAT RESTRICT WHAT THE FIREWALL CAN SEND OUT" - does the firewall here refer to the honeywall? If this restricts data to certain ports, does this supersede the connection-limiting (snort-inline) rules?

As u can tell, I'm a bit confused about this area. Thanks for any help u can give me-