[Snort-users] Snort + ipchains
jsage at ...2022...
Fri Nov 30 19:12:02 EST 2001
It's interesting to note that the HOW-TO doesn't even mention -o except
in a cross-reference to ipfwadm commands.
man ipchains says "Copy matching packets to the user space device..."
I've never used it; hardly knew it existed.
What exactly are you hoping to accomplish?
As a side note: snort sees packets that ipchains DENYs or REJECTs, so
I don't see why you don't just run ipchains *and* snort and be done with it.
That's what I do; it works great (and is Less Filling(tm)...)
> Does anybody use the -o option of ipchains to capture REJECTed or DENYed
> packets and send them to snort for logging or analysis? How does it work?
> (Please send a more detailed answer than just "fine"! :-))
> I would like to enhance my ipchains filter by adding this facility to it: all
> REJECT or DENY packets are logged "à la tcpdump" and post-analyzed by running