Snort mailing list archives
mark packets for further processing via iptables/tc ?
From: "Gerd Feiner" <g.feiner () cablesurf de>
Date: Wed, 11 Dec 2002 11:55:34 +0100
hi there, I am new to this list and did a search on the archives prior to posting my question. However, I can't seem to find the solution to my problem. Let me explain what i want to achieve: I want (if somehow possible) use SNORT to investigate traffic on my internet-link for a very special purpose. I'd like to seek for P2P-traffic (kazaa, morpheus, edonkey, etc.) and then -mark- the matching packets so that I can shape them with the tc-command. For that purpose, however, the packets must be marked in the same way iptables does - tc has a filter for fw-marked packets. Now, I read the FAQ and found something about Guardian and automagically blocking packets - but that's not what I want. Did I miss something on Guardian's abilities or is there another way of achieving this? However, since that Guardian is an additional step in the process, I'd rather like to avoid it. Would be very nice if SNORT could mark packets like iptables natively - and would also add a great deal of flexibilty. Thanks in advance. -g ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- mark packets for further processing via iptables/tc ? Gerd Feiner (Dec 11)
- Re: mark packets for further processing via iptables/tc ? Matt Kettler (Dec 19)