Re: Handling firewall rejected packets in SNort IPS

[waldo kitty <wkitty42 () windstream net>]

On 5/19/2013 10:19, James Lay wrote:
> On May 19, 2013, at 6:32 AM, VES Education <veseducation () yahoo com
> <mailto:veseducation () yahoo com>> wrote:
>
> > iptables -A Input jmptosnort
> > iptables -A Input jmptogood
> >
> > OR
> >
> > iptables -I Input jmptosnort
> > iptables -I Input jmptogood
> >
> >
> > in both cases, the actual ordering is not going to be what you expect it to
> > be... jmptosnort will be last in line and everything else will be acted on
> > first...
>
> -A will append….so the order you see in your script is the order you'll get in
> the table. -I will insert..each -I goes at the top of the table, effectively
> reversing the order in your script. Just thought I'd toss that out there.

:oops: thanks, james... i can't believe i let that go out bassackwards like 
that... i meant to flip the -A examples :( :oops:

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!