Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Freebsd & snort inline

From: maleficcode () gmail com
Date: 13 Sep 2006 06:03:41 -0000
You need to compile the following into your kernel:

options IPFIREWALL
options IPDIVERT

Then you need to read the firewall and NAT sections in the FreeBSD handbook.

You will need something similar to the following in your ipfw script:

ipfw add xxx divert 6969 ip from any to any

Start snort inline with something like:

snort_inline -J 6969 -c snort_inline.conf

Some handy resources:

http://freebsd.rogness.net/snort_inline/

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: