Snort mailing list archives
snort-inline error
From: Kathy A <kathya6200 () yahoo com>
Date: Wed, 16 Apr 2003 05:40:01 -0700 (PDT)
Thanks to Tim and Rob I have the beginnings of a snort-inline script running as IPS. However, I am having problems running my customized script and am looking for some help. Script is below.

Error is: "Couldn't load target udpHandler /usr/local/lib/iptables/libipt_udpHandler.so: cannot open shared object file: No such file or directory"

I'm running this script on a linux 7.3 box, with a "normal" version of snort running and not much else....

kathy

----------------------------------
MODE="nat"
QUEUE="yes"
LAN_IFACE="eth0"
RESTRICT="no"
SCALE="hour"
TCPRATE="9"
UDPRATE="20"
ICMPRATE="20"
OTHERRATE="10"
HPOT_IP="10.3.2.121"
.... (regular variables, etc.)

#### Create protocol handling chains
$IPTABLES -N udpHandler
$IPTABLES -N tcpHandler
$IPTABLES -N icmpHandler
$IPTABLES -N otherHandler

# IPTABLES -P INPUT ACCEPT
# $IPTABLES -P FORWARD ACCEPT
# $IPTABLES -P OUTPUT ACCEPT

# Allow all Traffic on your loopback interface
$IPTABLES -A INPUT -i lo -p all -j ACCEPT

# Start off on the INPUT table and allow anything back in that was
# originated from your system
# turn this off temp
#$IPTABLES -A INPUT -i $LAN_IFACE -p all -m state --state ESTABLISHED,RELATED -j ACCEPT

### Inbound TCP
$IPTABLES -A INPUT -i $LAN_IFACE -p tcp -m state --state NEW -j LOG --log-prefix "INBOUND TCP: "
$IPTABLES -A INPUT -i $LAN_IFACE -p tcp -m state --state NEW -j ACCEPT

### Inbound UDP
# $IPTABLES -A INPUT -i $LAN_IFACE -p udp -m state --state NEW -j LOG --log-prefix "INBOUND UDP: "
#$IPTABLES -A INPUT -i $LAN_IFACE -p udp -m state --state NEW -j ACCEPT
..... (load ip queue, etc..)

# i'm testing this to try and drop packets
LIMIT_IP=$HPOT_IP
host=$HPOT_ID
for host in ${LIMIT_IP}; do
    $IPTABLES -A INPUT -p udp -i $LAN_IFACE -m state --state NEW -m limit --limit ${UDPRATE}/${SCALE} --limit-burst ${UDPRATE} -s ${host} -j udpHandler
    $IPTABLES -A INPUT -p udp -i $LAN_IFACE -m state --state NEW -m limit --limit 1/${SCALE} --limit-burst 1 -s ${host} -j LOG --log-prefix "Drop udp after ${UDPRATE} attempts"
    $IPTABLES -A INPUT -p udp -i $LAN_IFACE -m state --state NEW -s $s{host} -j DROP
done

### Inbound ICMP
$IPTABLES -A INPUT -i $LAN_IFACE -p icmp -m state --state NEW -j LOG --log-prefix "INBOUND ICMP: "
$IPTABLES -A INPUT -i $LAN_IFACE -p icmp -m state --state NEW -j ACCEPT
.....
if test $QUEUE = "yes"
then
    $IPTABLES -A INPUT -i $LAN_IFACE -m state --state RELATED,ESTABLISHED -j QUEUE
fi
$IPTABLES -A INUT -i $LAN_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT

## These define the handlers that actually limit outbound connection.
$IPTABLES -A udpHandler -j LOG --log-prefix "OUTBOUND CONN UDP: "
if test $QUEUE = "yes"
then
    $IPTABLES -A udpHandler -j QUEUE
fi
$IPTABLES -A udpHandler -j ACCEPT