Re: [Snort-users] snort-inline and iptables INPUT chain
This is a discussion on Re: [Snort-users] snort-inline and iptables INPUT chain within the Snort forums, part of the System Security and Security Related category; hmmm what does your snort_inline.conf look like? What version of snort-inline are you using? Regards, Will On Tue, ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-02-2005
|
|||
|
|||
Re: [Snort-users] snort-inline and iptables INPUT chain
hmmm what does your snort_inline.conf look like? What version of
snort-inline are you using? Regards, Will On Tue, 01 Mar 2005 16:50:11 +0100, Laurent Haond <lhaond@bearstech.com> wr= ote: >=20 >=20 > Victor Julien a =E9crit : >=20 > > > >Hmmm, the only thing i can think of is that you forgot to queue the traf= fic on > >the OUTPUT chain. > > > > > > > >>Reading older posts, i do not really understand if sort-inline does onl= y > >>work with the FORWARD chain ? > >> > >> > > > >No it works on the other chains as well. > > > > > > > >>so do i need to replace all "-j ACCEPT" with "-j QUEUE" only for FORWAR= D > >>chain ? > >>Or is it a problem/option missing on stream4 preprocessor, or a problem= e > >>with ip_conntrack ? > >> > >> > > > >Can you show us the iptables rules? > > > >Regards, > >Victor > > > > > > > I've made test with very simple iptables rules (after flushing all rules > filter / mangles and also tried a reboot) : > iptables -F INPUT > iptables -F OUPUT > iptables -F FORWARD > iptables -A INPUT -j QUEUE > iptables -A FORWARD -j QUEUE # (not needed this is a direct connection) > iptables -A OUPUT -j QUEUE >=20 > I still can't connect with ssh, but can i see an established connection > on port 22 when looking in /proc/net/ip_conntrack >=20 > BTW, kernel is 2.4.27 / iptables 1.2.11 with some patch-o-matic > extension applied. >=20 > Any ideas ? >=20 > Regards >=20 > Laurent >=20 > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=3D6595&al...396&op=3Dclick > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...=3Dsnort-users > ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
