Snort mailing list archives
Re: Snort stops logging
From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 02 Jul 2004 10:13:26 -0500
--On Friday, July 02, 2004 11:36:06 AM +0200 Ralf Eberle <iceman () iceserver ath cx> wrote:
Before you set up a firewall, you need to decide what your goal is. Are you aware that your firewall has a default "allow all" policy? In general, when setting up a host-based firewall, a "deny all" default policy is preferred. This ensures that only the things you allow to pass in will do so.

> I have included my ruleset below. I need to say that this is my first firewall setup and my first own rules.
> Thanks in advance for your help.
> Ralf Eberle
>
> Here is my ruleset:
> 20000 0 0 check-state
> 20000 95554 9313534 allow ip from any to any via lo0

Immediately after this rule, you should have one that allows all traffic to pass to the NIC that snort is listening on. Something like this:

20001 allow ip from any to any via xl0

Do you have two NICs in this machine? One for snort to listen on, and one for "normal" traffic?
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
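One way to check a ruleset against the two points raised in the reply above (the default policy, and a pass-all rule for the sniffing interface), as an added example that is not part of the original post: it parses `ipfw show` output and reports both. The listing is constructed apart from the two rules quoted in the thread, and `parse_rules`, `audit` and the result keys are names chosen here.

```python
import re

# Constructed `ipfw show` listing: rule number, packet count, byte count, rule.
# The first two rules are the ones quoted in the thread; the rest are invented.
SAMPLE = """\
20000      0       0 check-state
20000  95554 9313534 allow ip from any to any via lo0
20100    120    9600 allow tcp from any to me dst-port 22 in via xl0 setup keep-state
20200     14     840 deny ip from any to any in via xl0
65535   4821  512340 allow ip from any to any
"""

LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*(.*)$")
IFACE = re.compile(r"\b(?:via|recv|xmit)\s+(\S+)")
BLOCKING = {"deny", "reject", "unreach", "reset"}


def parse_rules(listing):
    """Return (number, action, body) for every rule line in `ipfw show` output."""
    rules = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            rules.append((int(m.group(1)), m.group(4), m.group(5)))
    return rules


def audit(listing, sniff_if):
    """Report the default policy and the pass-all rule for the sniffing NIC."""
    rules = parse_rules(listing)
    # Rule 65535 is ipfw's built-in last rule, i.e. the default policy.
    default = next((act for num, act, _ in rules if num == 65535), None)
    wanted = f"ip from any to any via {sniff_if}"
    pass_idx = next((i for i, (_, act, body) in enumerate(rules)
                     if act == "allow" and body == wanted), None)
    # Rules evaluated before the pass-all rule (all rules if it is missing).
    earlier = rules if pass_idx is None else rules[:pass_idx]
    blocked = []
    for num, act, body in earlier:
        named = IFACE.findall(body)  # interfaces the rule is limited to
        if act in BLOCKING and (not named or sniff_if in named):
            blocked.append(num)
    return {"default_policy": default,
            "pass_rule": None if pass_idx is None else rules[pass_idx][0],
            "blocked_before": blocked}


if __name__ == "__main__":
    print(audit(SAMPLE, "xl0"))
```

On a live host the listing would come from `ipfw show`; `blocked_before` lists the rules that can drop traffic on the sniffing interface before the pass-all rule is reached.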