Snort mailing list archives
Bridge+FireWall+snort
From: data () reypastor hispalinux es (Jesus Climent)
Date: Mon, 3 Dec 2001 16:02:06 +0100
Hi all!

Let's see if someone has already solved this problem:

I have a machine (FreeBSD 4.4) with bridging between 2 net cards. I have already installed it and set the firewall rules (right now very basic ones, but all of them rejecting incoming traffic, so no problem).

The idea is to set snort so we can actively deny incoming traffic once we open it a little more. The schema is as follows:

    [LocalArea] <--------+      +----------> WAN
                         |      |
                         |      |
                  eth0  ***    ***  eth1
                        ***    ***
                  +---------------------+
                  |      ^      ^       |
                  |      |      |       |
                  |      |      |       |
                  |    +-+-----+--+     |
                  |      |     |        |
                  |    ipfw  snort      |
                  |      |     ^        |
                  |      +------+       |
                  |                     |
                  |     FreeBSD 4.4     |
                  +---------------------+

Ok. Now the literature.

The idea is having snort so if we receive some call from an authorized machine which has been infected, let's say, by nimda, we can dynamically insert a rule in ipfw denying traffic from that machine to the LocalArea.

The only problem is that I have not been able to find any traffic using snort. I have opened a system from outside and tried to start an alarm by providing one snort basic rule, but I get no alert message.

Has anyone done something similar? Please, feel free to send comments or suggestions.

TIA,

Jesse.
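The "dynamically insert a rule in ipfw" idea from the message above could be prototyped as follows. This is an added example, not part of the original post: it parses Snort fast-format alert lines and builds, without running them, one `ipfw add ... deny` command per outside source that triggered an alert against the local network. The function name, rule numbers, addresses and sample alert lines are constructed assumptions.

```python
import ipaddress
import re

# Snort "fast" alert: ... [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample alerts (documentation address ranges), not real traffic.
SAMPLE_ALERTS = [
    "12/03-16:02:06.100000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] "
    "[Priority: 1] {TCP} 203.0.113.7:1045 -> 192.168.1.10:80",
    "12/03-16:02:07.200000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] "
    "[Priority: 1] {TCP} 203.0.113.7:1046 -> 192.168.1.11:80",   # repeat source
    "12/03-16:02:08.300000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] "
    "[Priority: 1] {TCP} 198.51.100.20:2211 -> 192.168.1.10:80", # exempt source
    "12/03-16:02:09.400000  [**] [1:469:1] ICMP PING NMAP [**] "
    "[Priority: 2] {ICMP} 203.0.113.9 -> 192.168.1.10",          # no ports
    "truncated or unrelated log line; rm -rf / -> ignored",
]

def block_rules(lines, local_net, never_block=(), base_rule=1000):
    """Return one ipfw argv list per new offending source found in `lines`."""
    net = ipaddress.ip_network(local_net)
    exempt = [ipaddress.ip_network(n) for n in never_block]
    seen, rules = set(), []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue                      # not an alert line
        try:                              # re-validate: never pass raw log text on
            src = ipaddress.ip_address(m.group("src"))
            dst = ipaddress.ip_address(m.group("dst"))
        except ValueError:
            continue
        if dst not in net or src in seen or any(src in n for n in exempt):
            continue                      # other target, duplicate, or protected host
        seen.add(src)
        # argv list (no shell string), so log content cannot inject arguments
        rules.append(["ipfw", "add", str(base_rule + len(rules)), "deny",
                      "ip", "from", str(src), "to", str(net)])
    return rules

if __name__ == "__main__":
    for argv in block_rules(SAMPLE_ALERTS, "192.168.1.0/24", ["198.51.100.0/24"]):
        print(" ".join(argv))
```

The exempt list is there so that a spoofed source address in an alert cannot make the bridge cut off a gateway, DNS server or management host.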