Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort and IPTables?

From: "Dave Fitches" <sticks.au () bigfoot com>
Date: Tue, 12 Jun 2001 19:03:03 +1000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm running Snort 1.7 with IPtables on RH 7.1 without any troubles at all...
My firewall script can be viewed at http://www.sticks.f2s.com/iptables.html
I'm pretty much using a standard Snort Config.

Works beautifully... :)

- -

    = Dave Fitches =

________________________________________________________
 ,--__|\    David Fitches
/       \   * ICQ : 2120090   * SATCO CID : 955589
\_,--\__/   * Mobile : +61-419-466-744
       v    * E-mail : sticks.au () bigfoot com
               Melbourne, Victoria, Australia
               Web: http://www.bigfoot.com/~sticks.au/
_______________________________________________________
Please Note: Unless this e-mail has been sent as PRIVATE, PERSONAL or
CONFIDENTIAL, the receiver may forward copies of it on the condition  that
they send an advisory message to the original sender.
If however the message has been marked PRIVATE, PERSONAL or CONFIDENTIAL
prior consent MUST be obtained before the message can be forwarded.


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Louie
Martinez
Sent: Tuesday, 12 June 2001 10:13
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort and IPTables?


I was wondering if snort only works with ipchain's and not with iptables.

Has anyone got it to work with iptables? I'm currently using
shorewall-1.1.7 to manage iptables and I haven't been able to get
it to log
anything. I created a the following test rule....

alert tcp any any -> any any (msg:"TCP test rule";)

and it seemed to like that fine and detected all the packets sent
with the
sample attack script but removing the rule didn't trigger any of
the other
default snortrules.

Perplexed


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBOyXaxwUhkO6Zt2EDEQL17gCfTKBk+lprjrEoIijMmmMH+GySESsAn0Oi
yGZRTBEJlc4XY+HrxXivTNRt
=H14M
-----END PGP SIGNATURE-----


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: