Snort mailing list archives
Re: Network kernels params recommendations for snort_inline with nfqueue
From: carlopmart <carlopmart () gmail com>
Date: Thu, 10 Jul 2008 09:45:49 +0200
Thanks Will ... But I have this rule on my iptables script.

My "iptables -vL"

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target               prot opt in   out  source                    destination
    0     0 DROP                 all  --  any  any  172.17.35.2               anywhere
   15  1437 DROP                 all  --  any  any  silmarillion.hpulabs.org  anywhere
19914   24M IPS-Firewall-INPUT   all  --  any  any  anywhere                  anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target               prot opt in   out  source                    destination
    0     0 DROP                 all  --  any  any  172.17.35.2               anywhere
    0     0 DROP                 all  --  any  any  silmarillion.hpulabs.org  anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target               prot opt in   out  source                    destination
15374 2174K IPS-Firewall-OUTPUT  all  --  any  any  anywhere                  anywhere

Chain IPS-Firewall-INPUT (1 references)
 pkts bytes target               prot opt in   out  source                    destination
  753  902K ACCEPT               all  --  lo   any  anywhere                  anywhere
19034   24M NFQUEUE              all  --  any  any  anywhere                  anywhere     state RELATED,ESTABLISHED NFQUEUE num 0
    0     0 NFQUEUE              tcp  --  any  any  anywhere                  anywhere     state NEW tcp dpt:ssh NFQUEUE num 0
    0     0 NFQUEUE              tcp  --  any  any  anywhere                  anywhere     state NEW tcp dpt:http NFQUEUE num 0
  127  3556 REJECT               all  --  any  any  anywhere                  anywhere     reject-with icmp-host-prohibited

Chain IPS-Firewall-OUTPUT (1 references)
 pkts bytes target               prot opt in   out  source                    destination
15374 2174K NFQUEUE              all  --  any  any  anywhere                  anywhere     NFQUEUE num 0

Will Metcalf wrote:
Victor's recommendations are fine.... Add the following to the top of your iptables script. You shouldn't be sending loopback traffic to snort_inline.

iptables -A INPUT -i lo -j ACCEPT
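The check discussed in this message, as an added example that is not part of the original thread: a shell function that reads `iptables -vL` output and names every chain whose first NFQUEUE rule is not preceded by an ACCEPT rule bound to `lo`. The function names are hypothetical, and the sample input is the two IPS-Firewall chains copied from the listing above; for that input it reports `IPS-Firewall-OUTPUT`, whose only rule queues every packet.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Reads `iptables -vL` output on stdin and prints each chain in which a
# packet can reach an NFQUEUE rule before any loopback ACCEPT rule.
# Simplification: any ACCEPT rule with in=lo or out=lo counts, without
# looking at further match options on that rule.
nfqueue_without_lo_accept() {
    awk '
        # A new chain starts: reset per-chain state.
        $1 == "Chain" { chain = $2; lo_ok = 0; seen = 0; next }
        # Skip the column header and blank or short lines.
        $1 == "pkts" || NF < 9 { next }
        # Columns: pkts bytes target prot opt in out source destination
        $3 == "ACCEPT" && ($6 == "lo" || $7 == "lo") { lo_ok = 1 }
        $3 == "NFQUEUE" && !seen {
            seen = 1
            if (!lo_ok) print chain
        }
    '
}

# Sample input: the two IPS-Firewall chains from the listing in the message.
sample_listing() {
cat <<'EOF'
Chain IPS-Firewall-INPUT (1 references)
 pkts bytes target   prot opt in   out  source    destination
  753  902K ACCEPT   all  --  lo   any  anywhere  anywhere
19034   24M NFQUEUE  all  --  any  any  anywhere  anywhere  state RELATED,ESTABLISHED NFQUEUE num 0
    0     0 NFQUEUE  tcp  --  any  any  anywhere  anywhere  state NEW tcp dpt:ssh NFQUEUE num 0
    0     0 NFQUEUE  tcp  --  any  any  anywhere  anywhere  state NEW tcp dpt:http NFQUEUE num 0
  127  3556 REJECT   all  --  any  any  anywhere  anywhere  reject-with icmp-host-prohibited

Chain IPS-Firewall-OUTPUT (1 references)
 pkts bytes target   prot opt in   out  source    destination
15374 2174K NFQUEUE  all  --  any  any  anywhere  anywhere  NFQUEUE num 0
EOF
}

sample_listing | nfqueue_without_lo_accept
```

On a live host the same function can be fed directly with `iptables -vL | nfqueue_without_lo_accept`.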
Current thread:
- Network kernels params recommendations for snort_inline with nfqueue carlopmart (Jul 04)
- Re: Network kernels params recommendations for snort_inline with nfqueue carlopmart (Jul 09)
- Re: Network kernels params recommendations for snort_inline with nfqueue Will Metcalf (Jul 09)
- Re: Network kernels params recommendations for snort_inline with nfqueue carlopmart (Jul 10)