{SPAM} [Snort-users] Still Help Needed: i want to make a firewall

Matt Kettler mkettler at ...4108...
Tue Apr 15 12:12:16 EDT 2003


First, perhaps you'd get more answers by not flooding the list with 
duplicate posts. (5 more-or-less identical posts in 5 hours is *really* 
rude, to the point that if you keep it up you'll likely find your mail 
filtered to my trash can automatically.)

First, it sounds like what you really want is a firewall... if your rules 
are simple, get firewall software... Snort is not a firewall, although 
tools like hogwash can be used to re-configure your firewall based on more 
complex Snort rules. Even if you want to use Snort as part of your network 
protection, you need a firewall for it to talk to first.

Most Unix operating systems come with a packet filtering firewall package 
of some sort (IPTables, IPF, PF, etc.) and more recent ones are stateful 
too. Windows does NOT come with any such tool. Yes, it has a trivial 
"internet security" filter, but it's strictly port based and is not 
particularly flexible.

There are third-party packages for Windows, most notably Check Point's 
FireWall-1, but they cost money.

As for hogwash, as far as I know, hogwash is a very Unix-oriented tool. I'm 
fairly sure it relies on the built-in packet filtering services that the OS 
provides. Since Windows has no such built-in feature, hogwash can't be made 
to support it.

Even though hogwash is Unix-specific, SnortSam is not, and it does have the 
ability to work with Check Point's FireWall-1.

http://www.snortsam.net


If you really want the source for hogwash, it's available here:

http://hogwash.sourceforge.net/download.html




At 10:46 AM 4/15/2003 -0700, you wrote:

>I HAVE to work on the Windows platform, preferably Win2k
>and ...
>
>I want to make a firewall for a network. Say I have
>two interfaces (NICs) on a PC, one connected to my
>private network and the other to the internet. Can I use
>libpcap/wpcap to capture all the packets and then
>filter all the packets according to some user-defined
>rules and then drop the packets violating any rule
>while letting others go? Currently I know that
>libpcap/wpcap can only be used to sniff packets but
>cannot block packets going into the IP stack of an OS.
>I want to be able to block all the packets and let
>go (into the protocol stack) only the packets which
>do not violate any rules, hence making a packet
>filtering firewall.
>
>Can anyone tell me how to achieve this with pcap or
>with anything else?
>
>Can I get the source code for hogwash for Windows...?
>
>need an urgent reply please.