Snort mailing list archives
Re: Need help with PC config
From: Thrynn <thrynn404 () gmail com>
Date: Fri, 4 Aug 2006 14:46:18 -0400
On 8/3/06, Mike Montgomery <mmontgomery () c3bb com> wrote:
Hi, attempting to setup a snort-inline box. What I want to do is be able to filter traffic with the box just having traffic pass thru 2 nics on a bridge. But when I setup the nic's in bridge mode, and do the iptables -I INPUT -p tcp --dport 80 -j QUEUE
The INPUT chain is for packets going TO the box. For your bridge, packets are going through the box. Put your QUEUE rule on the FORWARD chain. then run snort, it dont catch anything. I have tried enabling the porn
rules, and search for items in the content and it throws up no alerts, nor drop anything (depending on rules used). Can I not have the nics in bridge? How would i pass traffic thru the box seamlessly without being bridged? Mike -- Mike Montgomery Network Administrator Tower Climbing & Rescue Citizens Communications Broadband & Tower Service ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Need help with PC config Mike Montgomery (Aug 03)
- Re: Need help with PC config Thrynn (Aug 04)
- Re: Need help with PC config Mike Montgomery (Aug 04)
- Re: Need help with PC config Thrynn (Aug 04)