[Snort-users] Snort and IPTables?

Dave Fitches sticks.au at ...375...
Tue Jun 12 05:03:03 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm running Snort 1.7 with IPtables on RH 7.1 without any troubles at all...
My firewall script can be viewed at http://www.sticks.f2s.com/iptables.html
I'm pretty much using a standard Snort Config.

Works beautifully... :)

- -

    = Dave Fitches =

________________________________________________________
 ,--__|\    David Fitches
/       \   * ICQ : 2120090   * SATCO CID : 955589
\_,--\__/   * Mobile : +61-419-466-744
       v    * E-mail : sticks.au at ...375...
               Melbourne, Victoria, Australia
               Web: http://www.bigfoot.com/~sticks.au/
_______________________________________________________
Please Note: Unless this e-mail has been sent as PRIVATE, PERSONAL or
CONFIDENTIAL, the receiver may forward copies of it on the condition  that
they send an advisory message to the original sender.
If however the message has been marked PRIVATE, PERSONAL or CONFIDENTIAL
prior consent MUST be obtained before the message can be forwarded.

> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Louie
> Martinez
> Sent: Tuesday, 12 June 2001 10:13
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort and IPTables?
>
>
> I was wondering if snort only works with ipchain's and not with iptables.
>
> Has anyone got it to work with iptables? I'm currently using
> shorewall-1.1.7 to manage iptables and I haven't been able to get
> it to log
> anything. I created a the following test rule....
>
> alert tcp any any -> any any (msg:"TCP test rule";)
>
> and it seemed to like that fine and detected all the packets sent
> with the
> sample attack script but removing the rule didn't trigger any of
> the other
> default snortrules.
>
> Perplexed
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBOyXaxwUhkO6Zt2EDEQL17gCfTKBk+lprjrEoIijMmmMH+GySESsAn0Oi
yGZRTBEJlc4XY+HrxXivTNRt
=H14M
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list