Snort mailing list archives

Re: Network kernels params recommendations for snort_inline with nfqueue


From: carlopmart <carlopmart () gmail com>
Date: Thu, 10 Jul 2008 09:45:49 +0200

Thanks Will ... But I have this rule in my iptables script. My "iptables -vL":

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     172.17.35.2          anywhere
   15  1437 DROP       all  --  any    any     silmarillion.hpulabs.org  anywhere
19914   24M IPS-Firewall-INPUT  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     172.17.35.2          anywhere
    0     0 DROP       all  --  any    any     silmarillion.hpulabs.org  anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
15374 2174K IPS-Firewall-OUTPUT  all  --  any    any     anywhere             anywhere

Chain IPS-Firewall-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  753  902K ACCEPT     all  --  lo     any     anywhere             anywhere
19034   24M NFQUEUE    all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED NFQUEUE num 0
    0     0 NFQUEUE    tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh NFQUEUE num 0
    0     0 NFQUEUE    tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:http NFQUEUE num 0
  127  3556 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

Chain IPS-Firewall-OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
15374 2174K NFQUEUE    all  --  any    any     anywhere             anywhere            NFQUEUE num 0

Will Metcalf wrote:
Victor's recommendations are fine....

Add the following to the top of your iptables script; you shouldn't be
sending loopback traffic to snort_inline:

iptables -A INPUT -i lo -j ACCEPT



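An added check, written for this archive page and not code from either poster: a small Python script that parses an `iptables -vL` listing like the one above and walks the built-in INPUT and OUTPUT chains in rule order, following jumps into user-defined chains, to see whether loopback traffic reaches an NFQUEUE rule (and therefore snort_inline) before an ACCEPT on lo stops it. The embedded sample is a constructed copy of the ruleset posted above with its wrapped lines rejoined. The chain walk is a static approximation: it counts any reachable NFQUEUE rule whose interface and address columns admit loopback, ignoring state and port matches, and treats only ACCEPT, DROP and REJECT rules without match options as terminating. The rule it suggests for the OUTPUT chain (`-o lo` rather than the `-i lo` in Will's reply) is my generalisation of that advice to the outbound direction, not something the thread states.

```python
"""Static check of `iptables -vL` output: does loopback traffic reach an
NFQUEUE rule before an unconditional ACCEPT on lo stops it?"""
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

# Constructed sample: the ruleset posted in the thread, wrapped lines rejoined.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     172.17.35.2          anywhere
   15  1437 DROP       all  --  any    any     silmarillion.hpulabs.org  anywhere
19914   24M IPS-Firewall-INPUT  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     172.17.35.2          anywhere
    0     0 DROP       all  --  any    any     silmarillion.hpulabs.org  anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
15374 2174K IPS-Firewall-OUTPUT  all  --  any    any     anywhere             anywhere

Chain IPS-Firewall-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  753  902K ACCEPT     all  --  lo     any     anywhere             anywhere
19034   24M NFQUEUE    all  --  any    any     anywhere             anywhere   state RELATED,ESTABLISHED NFQUEUE num 0
    0     0 NFQUEUE    tcp  --  any    any     anywhere             anywhere   state NEW tcp dpt:ssh NFQUEUE num 0
    0     0 NFQUEUE    tcp  --  any    any     anywhere             anywhere   state NEW tcp dpt:http NFQUEUE num 0
  127  3556 REJECT     all  --  any    any     anywhere             anywhere   reject-with icmp-host-prohibited

Chain IPS-Firewall-OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
15374 2174K NFQUEUE    all  --  any    any     anywhere             anywhere   NFQUEUE num 0
"""


class Rule(NamedTuple):
    target: str
    proto: str
    iface_in: str
    iface_out: str
    source: str
    dest: str
    extra: str  # match and target options printed after the destination column


def parse_listing(text: str) -> Dict[str, List[Rule]]:
    """Parse -vL output (columns: pkts bytes target prot opt in out source
    destination [options...]) into {chain: [rules in order]}."""
    chains: Dict[str, List[Rule]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
            continue
        f = line.split()
        if current is None or len(f) < 9 or f[0] == "pkts":
            continue  # blank line or column header
        chains[current].append(Rule(f[2], f[3], f[5], f[6], f[7], f[8], " ".join(f[9:])))
    return chains


def _can_match_loopback(r: Rule) -> bool:
    """Interface and address columns do not exclude packets on lo."""
    return (r.iface_in in ("lo", "any") and r.iface_out in ("lo", "any")
            and r.source == "anywhere" and r.dest == "anywhere")


def _unconditional(r: Rule) -> bool:
    """No match options, so the rule fires for every packet reaching it
    (reject-with is a target option, not a match)."""
    return r.proto == "all" and (r.extra == "" or r.extra.startswith("reject-with"))


def _walk(chains: Dict[str, List[Rule]], chain: str, seen: Set[str]) -> Tuple[str, Optional[str]]:
    """Follow a loopback packet through `chain`, descending into user chains.
    Returns (verdict, chain where it was decided); 'fallthrough' = no match."""
    if chain in seen:  # the kernel rejects chain loops, but stay safe
        return ("fallthrough", None)
    seen.add(chain)
    for r in chains.get(chain, []):
        if r.target in chains:  # jump into a user-defined chain
            verdict = _walk(chains, r.target, seen)
            if verdict[0] != "fallthrough":
                return verdict
            continue
        if not _can_match_loopback(r):
            continue
        if r.target == "NFQUEUE":
            # Conservative: a state- or port-qualified NFQUEUE rule still
            # queues some loopback packets, so any reachable one counts.
            return ("NFQUEUE", chain)
        if r.target in ("ACCEPT", "DROP", "REJECT") and _unconditional(r):
            return (r.target, chain)
    return ("fallthrough", None)


def loopback_verdicts(listing: str) -> Dict[str, Tuple[str, Optional[str]]]:
    """Verdict for loopback traffic in the two built-in chains it traverses:
    OUTPUT when leaving the local stack, then INPUT when it comes back in."""
    chains = parse_listing(listing)
    return {name: _walk(chains, name, set()) for name in ("OUTPUT", "INPUT")}


def suggested_fixes(listing: str) -> List[str]:
    """Will's 'accept lo at the top' rule, generalised per direction (assumption:
    -o lo for OUTPUT), for every built-in chain whose walk ended in NFQUEUE."""
    flag = {"INPUT": "-i", "OUTPUT": "-o"}
    return [f"iptables -I {chain} 1 {flag[chain]} lo -j ACCEPT"
            for chain, (verdict, _) in loopback_verdicts(listing).items()
            if verdict == "NFQUEUE"]


if __name__ == "__main__":
    for chain, (verdict, where) in loopback_verdicts(SAMPLE_LISTING).items():
        print(f"{chain}: loopback -> {verdict}" + (f" in {where}" if where else ""))
    for cmd in suggested_fixes(SAMPLE_LISTING):
        print("fix:", cmd)
```

A locally generated packet to a loopback address traverses the OUTPUT hook before it is looped back and hits INPUT, so an `-i lo` ACCEPT in INPUT alone does not keep that packet out of a queue rule in OUTPUT; run the script against a pasted `iptables -vL` (the sample is only a stand-in) to see which direction still hands loopback traffic to queue 0.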
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net