Snort mailing list archives
Re: Snort with IPtables
From: Jeremy Hoel <jthoel () gmail com>
Date: Thu, 6 Jun 2013 22:08:16 -0600
We run iptables on all our sensors, but we don't give the sniffing port an IP and have no iptables entries for it. It works like a champ.

On Thu, Jun 6, 2013 at 10:03 PM, Steven McLaughlin <steve () lan com au> wrote:
Hi All,

What's the take on running a Snort sensor with IPtables running? In the first instance I would think this interferes with sensor detection capability. Is anyone running IPtables on the same host as their Snort sensor? If so, what is the best way to nail this?

The reason I ask is that I have two interfaces. One is the management interface, which will have an IP address. This interface will deny all incoming traffic except for tcp/22 and tcp/443 inbound connections. The other interface is the Snort sensor on eth1. The sensor is listening only.

So is a rule allowing all incoming like so sufficient for Snort sniffing:

-A INPUT -i eth1 -j ACCEPT

Or should I also allow all outbound as follows:

-A INPUT -i eth1 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT

Alternatively, is there a best practice IPtables configuration for Snort sensors?

thanks,
Steve

------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
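The layout discussed in this thread (a filtered management interface plus an unnumbered sniffing interface with no iptables entries), sketched as an added example that is not from either poster. Assumptions: `eth0` as the management interface name, a default-DROP INPUT policy, the `apply` argument, and passive libpcap/AF_PACKET capture (not inline NFQUEUE mode), where the capture socket receives frames before netfilter's INPUT chain, so the DROP policy does not blind Snort.

```shell
#!/bin/sh
# Added example (constructed): build an iptables-restore ruleset for a passive
# Snort sensor. Interface names are assumptions; override via the environment.
MGMT_IF="${MGMT_IF:-eth0}"    # management interface, has an IP (name assumed)
SNIFF_IF="${SNIFF_IF:-eth1}"  # sniffing interface from the thread, no IP

# Print the ruleset. Nothing references $SNIFF_IF: the default DROP policy
# covers any packet the host itself would otherwise process from that port,
# while the capture socket still sees every frame.
sensor_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $MGMT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $MGMT_IF -p tcp -m multiport --dports 22,443 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Sanity check: number of rules that name the sniffing interface (expect 0).
# Also catches "-A OUTPUT -i ...", which iptables rejects (OUTPUT needs -o).
sniff_rule_count() {
    sensor_ruleset | grep -c -E -- "-[io] $SNIFF_IF( |\$)" || true
}

# Only touch the system when explicitly asked: ./sensor-fw.sh apply (as root)
if [ "${1:-}" = "apply" ]; then
    ip addr flush dev "$SNIFF_IF"               # leave the sniff port unnumbered
    ip link set dev "$SNIFF_IF" up promisc on   # link up, promiscuous, no address
    sensor_ruleset | iptables-restore
fi
```

Run without arguments and call `sensor_ruleset` to review the rules before applying them; a quick confirmation after applying is that `tcpdump -ni eth1` still shows traffic while the INPUT policy is DROP.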