Thibodeau, Jamie L.
2005-Mar-30 15:25 UTC
RE: Shorewall and an inline IDS (snort-inline or hogwash)
You are awesome!!!!

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep
Sent: Wednesday, March 30, 2005 9:11 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] Shorewall and an inline IDS (snort-inline or hogwash)

Tom Eastep wrote:
> Thibodeau, Jamie L. wrote:
>
>> I made an attempt to run snort_inline and shorewall on the same system
>> but I could not get snort to see the packets.
>>
>> Maybe someone with a little more iptables knowledge could tell me what
>> I'm doing wrong or if it's possible to have the systems set up so that
>> it places packets that the firewall would allow into QUEUE.
>
> There is no way to do that currently with Shorewall.

However, it only took a few lines of code to make it possible.

In CVS (Shorewall/) you will find a 'firewall' script that allows QUEUE as a policy in /etc/shorewall/policies. That, together with the QUEUE action in the rules file, should allow you to do what you want.

The change is based on version 2.2.2 and will be included in 2.2.3 which will come out in a couple of weeks.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm
samer Y. Azmy
2005-Mar-31 08:58 UTC
RE: Shorewall and an inline IDS (snort-inline or hogwash)
Yes, he is. He drives me crazy.

>From: "Thibodeau, Jamie L." <jthibodeau@ou.edu>
>Reply-To: Mailing List for Shorewall Users <shorewall-users@lists.shorewall.net>
>To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
>Subject: RE: [Shorewall-users] Shorewall and an inline IDS (snort-inline or hogwash)
>Date: Wed, 30 Mar 2005 09:25:08 -0600
>
>You are awesome!!!!
>
>-----Original Message-----
>From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep
>Sent: Wednesday, March 30, 2005 9:11 AM
>To: Mailing List for Shorewall Users
>Subject: Re: [Shorewall-users] Shorewall and an inline IDS (snort-inline or hogwash)
>
>Tom Eastep wrote:
> > Thibodeau, Jamie L. wrote:
> >
> >> I made an attempt to run snort_inline and shorewall on the same system
> >> but I could not get snort to see the packets.
> >>
> >> Maybe someone with a little more iptables knowledge could tell me what
> >> I'm doing wrong or if it's possible to have the systems set up so that
> >> it places packets that the firewall would allow into QUEUE.
> >
> > There is no way to do that currently with Shorewall.
>
>However, it only took a few lines of code to make it possible.
>
>In CVS (Shorewall/) you will find a 'firewall' script that allows QUEUE
>as a policy in /etc/shorewall/policies. That, together with the QUEUE
>action in the rules file, should allow you to do what you want.
>
>The change is based on version 2.2.2 and will be included in 2.2.3 which
>will come out in a couple of weeks.