Re: OT: ipfilter Suggestions for Snort Use

[James Ainslie <james () gambling com>]

On Mon, 22 Apr 2002, Ryan Hill wrote:


Hey man,

> I am attempting to create and optimize my first ipfilter rule set under
> FreeBSD 4.5-STABLE and would appreciate any and all feedback regarding the
> rule set I've come up with thus far.

Just a note, I dont know how closely you follow the mailing lists, but we have
had some issues with ipfilter on highly loaded boxes, symptoms included the box
becoming totally unresponsive and ultimately ceasing to pass packets.

This was fixed by updating the version of ipfilter, to : v3.4.25 (336)
But apart from this... ipfilter rocks. Good choice :). I just didnt see any point in
you bashing your brains out quite as much as we did on a problem that was solved
with a version upgrade.

> Also, can anyone tell me if ipmon and ipstat are included in the compiled
> ipfilters package?  I see references to them in the ipfilter how-to
> (http://www.obfuscation.org/ipf/ipf-howto.txt), but haven't been able to
> determine where they're located (caveat, I haven't compiled for ipfilter
> yet, I'd like to get the rule set finalized before venturing down this
> path).

Yes they are. And I think you mean ipfstat.
/usr/sbin/ipmon
/sbin/ipfstat

Hopes that works for you :)
-- 
James Ainslie <unixhead>
gambling.com




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users