[Snort-users] mark packets for further processing via iptables/tc ?

Gerd Feiner g.feiner at ...7723...
Wed Dec 11 02:57:03 EST 2002


hi there,

I am new to this list and did a search on the archives prior to posting
my question.  However, I can't seem to find the solution to my problem.

Let me explain what i want to achieve:

I want (if somehow possible) use SNORT to investigate traffic on my
internet-link for a very special purpose.  I'd like to seek for
P2P-traffic (kazaa, morpheus, edonkey, etc.) and then -mark- the
matching packets so that I can shape them with the tc-command.

For that purpose, however, the packets must be marked in the same way
iptables does - tc has a filter for fw-marked packets.

Now, I read the FAQ and found something about Guardian and automagically
blocking packets - but that's not what I want.  Did I miss something on
Guardian's abilities or is there another way of achieving this?

However, since that Guardian is an additional step in the process, I'd
rather like to avoid it.  Would be very nice if SNORT could mark packets
like iptables natively - and would also add a great deal of flexibilty.

Thanks in advance.

-g





More information about the Snort-users mailing list