Snort mailing list archives

iptable support


From: "Joshua Brindle" <jbrindle () snu edu>
Date: Thu, 11 Oct 2001 22:38:54 -0500

There was some talk in November of last year about a version of snort written to use iptables, but I can't find this 
anywhere, and the author's email @secureworks.net seems not to work anymore. The response said that snort would likely 
at some time be more modular and able to support alternate packet capturers, but it seems like snort is still very 
reliant on pcap. The reason I'm wondering is because I want a sort of active IDS that will simply drop packets that 
match a signature, instead of trying to reset the connection. I wrote a pcap 'driver' that uses ipq, but it seems that 
the m->payload and bp are in different formats and I don't know how to convert between them. The patch is at 
http://web.snu.edu/~jbrindle/pcap-netfilter.diff if anyone wants to take a look and see what they can do, or give 
me more info on snort's state as non-pcap reliant. Thanks for any info or pointers. :)

Joshua Brindle
UNIX Administrator
Southern Nazarene University
