Snort mailing list archives

Re: snort-inline and iptables INPUT chain


From: Victor Julien <victor () nk nl>
Date: Mon, 28 Feb 2005 21:41:54 +0100

On Monday 28 February 2005 19:47, Laurent Haond wrote:
> Hi all,
>
> I'm new to Snort and the iptables QUEUE target, though I have used iptables
> for a long time...
>
> I've set up a firewall on a box (On Lan / Two Internet Access), using
> nat/conntrack and patched iproute2/kernel (multipath gateway).
> I've installed snort 2.3.0 and barnyard on it; I launch snort with:
> /usr/sbin/snort -QDq -c /etc/snort.conf (module ip_queue is loaded)
>
> I've taken my firewall/iptables scripts and replaced all "-j ACCEPT"
> with "-j QUEUE":
> - Boxes from the LAN network can access the internet and snort seems to be
>   running fine (I've got some alerts about using AIM chat, etc...)
> - but I can't connect to the box (running snort/firewall); I no longer have
>   access to ssh running on port 22 (but no alerts about these connections)
>   (no more success if I change the sshd port)
> - I can still ping it (it triggers ICMP alerts).

Hmmm, the only thing I can think of is that you forgot to queue the traffic on
the OUTPUT chain.

> Reading older posts, I do not really understand whether snort-inline only
> works with the FORWARD chain?

No, it works on the other chains as well.

> So do I need to replace all "-j ACCEPT" with "-j QUEUE" only for the FORWARD
> chain?
> Or is it a problem/option missing on the stream4 preprocessor, or a problem
> with ip_conntrack?

Can you show us the iptables rules?

Regards,
Victor

> Thanks for any suggestions...
>
> Best Regards
> Laurent



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
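
A way to check the possibility Victor raises (traffic on the OUTPUT chain not being queued) against a ruleset before posting it. This is an added example, not code from the thread or from the Snort project; the function names and the sample ruleset are constructed for illustration.

```shell
# Added example, not from the thread; function names are hypothetical.
# Reads an iptables-save dump on stdin and prints, per built-in filter chain:
#   CHAIN policy=<P> queue=<n> accept=<n> <verdict>
# NOT-QUEUED: no rule targets QUEUE. PARTIAL: an ACCEPT rule or ACCEPT policy
# lets packets skip the queue. Jumps into user-defined chains are not followed.
queue_coverage() {
    awk '
        /^\*/ { in_filter = ($0 == "*filter"); next }
        !in_filter { next }
        /^:(INPUT|OUTPUT|FORWARD) / { policy[substr($1, 2)] = $2; next }
        $1 == "-A" && ($2 == "INPUT" || $2 == "OUTPUT" || $2 == "FORWARD") {
            for (i = 3; i < NF; i++)
                if ($i == "-j") {
                    if ($(i + 1) == "QUEUE")  queue[$2]++
                    if ($(i + 1) == "ACCEPT") accept[$2]++
                }
        }
        END {
            n = split("INPUT OUTPUT FORWARD", chains, " ")
            for (k = 1; k <= n; k++) {
                c = chains[k]; q = queue[c] + 0; a = accept[c] + 0
                if (q == 0) v = "NOT-QUEUED"
                else if (a > 0 || policy[c] == "ACCEPT") v = "PARTIAL"
                else v = "QUEUED"
                printf "%s policy=%s queue=%d accept=%d %s\n", c, policy[c], q, a, v
            }
        }'
}

# Constructed ruleset: INPUT and FORWARD queue traffic, OUTPUT does not.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j QUEUE
-A FORWARD -i eth0 -j QUEUE
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}
sample_ruleset | queue_coverage   # on a live box: iptables-save | queue_coverage
```

A chain reported as NOT-QUEUED or PARTIAL carries traffic that snort-inline never inspects, which is the first thing to rule out when the rules are requested on the list.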

