I recall reading that the ability to run snort-inline as part of an iptables chain was added to shorewall a few revs back. I've just upgraded to 3.0 RC3 and was wondering if anyone had a how-to for putting snort-inline, er, in line? I've been getting hammered lately by people trying to break in and am looking to enable "the works". I've got snort and base working (I think) properly, so it's just the in-line part I need.

Thanks!

Mike-
--
Mornings: Evolution in action. Only the grumpy will survive.
--
Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments.

On Tuesday 08 November 2005 16:24, Michael W Cocke wrote:
> I recall reading that the ability to run snort-inline as part of an
> iptables chain was added to shorewall a few revs back. I've just
> upgraded to 3.0 RC3 and was wondering if anyone had a how-to for
> putting snort-inline, er, in line? I've been getting hammered lately
> by people trying to break in and am looking to enable "the works".
> I've got snort and base working (I think) properly, so it's just the
> in-line part I need.

Sounds like a great opportunity for you to contribute to Shorewall and Open Source by writing a HOWTO.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom et al..

Shorewall and this list have made my job so much easier and I would love to help contribute to a how-to for this setup. I've been running snort-inline on my firewall box for a while now and am very satisfied with the results.

I have tried to put a how-to together for this (mainly for my own documentation) but I always seem to leave things out, forget what I did, or simply word things badly. If someone would like to get together on this please email me and we can work through the how-to and give something back.

jthibodeau@ou.edu

-----Original Message-----
From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of Tom Eastep
Sent: Tuesday, November 08, 2005 8:29 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Shorewall and snort

On Tuesday 08 November 2005 16:24, Michael W Cocke wrote:
> I recall reading that the ability to run snort-inline as part of an
> iptables chain was added to shorewall a few revs back. I've just
> upgraded to 3.0 RC3 and was wondering if anyone had a how-to for
> putting snort-inline, er, in line? I've been getting hammered lately
> by people trying to break in and am looking to enable "the works".
> I've got snort and base working (I think) properly, so it's just the
> in-line part I need.

Sounds like a great opportunity for you to contribute to Shorewall and Open Source by writing a HOWTO.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Tuesday 08 November 2005 20:27, Thibodeau, Jamie L. wrote:
> Tom et al..
>
> Shorewall and this list have made my job so much easier and I would love
> to help contribute to a how-to for this setup. I've been running
> snort-inline on my firewall box for a while now and am very satisfied
> with the results.
>
> I have tried to put a how-to together for this (mainly for my own
> documentation) but I always seem to leave things out, forget what I did,
> or simply word things badly. If someone would like to get together on
> this please email me and we can work through the how-to and give
> something back.
>

Thanks, Jamie

Michael -- would you be willing to work with Jamie to produce a HOWTO (and get your own snort inline setup working in the process)?

Thanks,
-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Tue, 8 Nov 2005 20:32:02 -0800, you wrote:
>On Tuesday 08 November 2005 20:27, Thibodeau, Jamie L. wrote:
>> Tom et al..
>>
>> Shorewall and this list have made my job so much easier and I would love
>> to help contribute to a how-to for this setup. I've been running
>> snort-inline on my firewall box for a while now and am very satisfied
>> with the results.
>>
>> I have tried to put a how-to together for this (mainly for my own
>> documentation) but I always seem to leave things out, forget what I did,
>> or simply word things badly. If someone would like to get together on
>> this please email me and we can work through the how-to and give
>> something back.
>>
>
>Thanks, Jamie
>
>Michael -- would you be willing to work with Jamie to produce a HOWTO (and get
>your own snort inline setup working in the process)?
>
>Thanks,
>-Tom

Sounds like a great idea! I'll email Jamie direct tomorrow (It's now 1:40 am here and I'm going to sleep!)

Mike-
--
Mornings: Evolution in action. Only the grumpy will survive.
--
Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments.