Snort mailing list archives

Re: snort-inline and iptables INPUT chain


From: Laurent Haond <lhaond () bearstech com>
Date: Tue, 01 Mar 2005 16:50:11 +0100



Victor Julien wrote:


Hmmm, the only thing I can think of is that you forgot to queue the traffic on the OUTPUT chain.

Reading older posts, I do not really understand whether snort-inline only
works with the FORWARD chain?

No it works on the other chains as well.

So do I need to replace all "-j ACCEPT" with "-j QUEUE" only for the FORWARD
chain?
Or is it a problem/option missing on the stream4 preprocessor, or a problem
with ip_conntrack?

Can you show us the iptables rules?

Regards,
Victor

I've made tests with very simple iptables rules (after flushing all filter and mangle rules, and also trying a reboot):
iptables -F INPUT
iptables -F OUPUT
iptables -F FORWARD
iptables -A INPUT  -j QUEUE
iptables -A FORWARD -j QUEUE # (not needed this is a direct connection)
iptables -A OUPUT -j QUEUE

I still can't connect with ssh, but I can see an established connection on port 22 when looking in /proc/net/ip_conntrack.

BTW, the kernel is 2.4.27 / iptables 1.2.11 with some patch-o-matic extensions applied.

Any ideas?

Regards

Laurent
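Victor's point is that the OUTPUT chain has to be queued as well, and the rules as posted spell that chain "OUPUT", a name iptables does not know, so that rule would be rejected and OUTPUT left unqueued. Added example, not code from the thread or from snort-inline: a small POSIX sh lint that reads a rule set and reports unknown chain names and built-in chains that never reach -j QUEUE (the function names and the sample rule set are assumed/constructed).

```shell
# Added example, not code from the thread: lint a filter-table rule set before
# loading it. snort-inline only sees packets that hit a -j QUEUE rule, so a
# misspelled chain (iptables rejects that rule) or a built-in chain with no
# QUEUE rule silently bypasses the IDS. Only chain names / -j QUEUE are from
# the thread; function names and the sample rules below are assumed/constructed.

# Succeeds when $1 is a built-in filter-table chain.
is_builtin_chain() {
    case "$1" in INPUT|OUTPUT|FORWARD) return 0 ;; *) return 1 ;; esac
}

# Reads "iptables ..." lines on stdin, prints each problem and returns the
# number found (0 means every built-in chain hands its traffic to QUEUE).
lint_queue_rules() {
    problems=0; queued=""
    while read -r line; do
        line=${line%%#*}                 # drop a trailing "# comment"
        set -- $line
        [ "${1:-}" = "iptables" ] || continue
        chain=""; target=""
        while [ $# -gt 0 ]; do
            case "$1" in
                -A|-I|-F) chain=${2:-}; shift ;;   # chain of this append/insert/flush
                -j) target=${2:-}; shift ;;        # jump target
            esac
            shift
        done
        if [ -n "$chain" ] && ! is_builtin_chain "$chain"; then
            echo "unknown chain '$chain': iptables rejects this rule"
            problems=$((problems + 1))
        elif [ "$target" = "QUEUE" ] && [ -n "$chain" ]; then
            queued="$queued $chain"
        fi
    done
    for c in INPUT OUTPUT FORWARD; do
        case " $queued " in
            *" $c "*) ;;
            *) echo "chain $c never reaches -j QUEUE: its packets bypass snort-inline"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Constructed sample: the thread's rule set, with OUTPUT misspelled as posted.
SAMPLE_RULES='iptables -A INPUT  -j QUEUE
iptables -A FORWARD -j QUEUE # not needed, direct connection
iptables -A OUPUT -j QUEUE'
printf '%s\n' "$SAMPLE_RULES" | lint_queue_rules && echo "rule set OK" \
    || echo "problems found: $?"
```

On the sample the lint reports the unknown chain and the missing OUTPUT queue, so it exits with 2; the same check run over the flush lines would flag "-F OUPUT" too.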

