{SPAM} [Snort-users] Still Help Needed: i want to make a fire wall

Robert Reid rreid at ...7835...
Tue Apr 15 21:52:03 EDT 2003


"Most Unix operating systems come with a packet filtering firewall package 
of some sort (IPTables, IPF, PF, etc) and more recent ones are stateful 
too. Windows does NOT come with any such tool. Yes, it has a trivial 
"internet security" filter, but it's strictly port based and is not 
particularly flexible."

Actually, that's not entirely true. IPSEC policies can be used to do some
really fancy per-interface packet filtering on 2000, XP, and .NET
platforms.

TCP/IP Filtering on the NIC is as you stated very inflexible, and applies to
all interfaces.

Junaid, if I understand your question correctly what you are trying to do
could probably be accomplished by using IPSEC filters. Be warned, there is a
learning curve and they can be confusing at times to say the least. But they
are definitely worth the time to learn.

I think labmice.net has a decent section on the basics to get you started.

Good luck.
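As an added illustration (not part of the thread) of the IPSEC-policy filtering Robert describes: a blocking policy for the Internet-facing NIC of a dual-NIC box, built with `netsh ipsec static`. That context is the command-line front end on Windows Server 2003 and later; Windows 2000 shipped the equivalent as ipsecpol.exe in the Resource Kit, so the tool name is an assumption for that platform. The address 192.0.2.10 and all names are constructed.

```batch
@echo off
rem Added example: block everything reaching the external NIC except TCP/443.
rem "Per interface" is expressed through the interface's own address, since
rem IPsec filters select on addresses, protocols and ports, not NIC names.
set POL=DualNIC-Filter
set EXTIP=192.0.2.10

rem Filter list 1: all traffic addressed to the external NIC (broad match)
netsh ipsec static add filterlist name="FL-Inbound-Ext" description="All traffic to the external NIC"
netsh ipsec static add filter filterlist="FL-Inbound-Ext" srcaddr=Any dstaddr=%EXTIP% protocol=ANY mirrored=no

rem Filter list 2: the one service that should stay reachable (specific match)
netsh ipsec static add filterlist name="FL-Allow-Ext" description="Permitted inbound services"
netsh ipsec static add filter filterlist="FL-Allow-Ext" srcaddr=Any dstaddr=%EXTIP% protocol=TCP srcport=0 dstport=443 mirrored=yes

rem Filter actions: drop, or pass in the clear without negotiating IPsec
netsh ipsec static add filteraction name="FA-Block" action=block
netsh ipsec static add filteraction name="FA-Permit" action=permit

rem Policy and rules. Windows evaluates the most specific matching filter
rem first, so the TCP/443 permit wins over the protocol=ANY block.
netsh ipsec static add policy name="%POL%" description="Block ext NIC except 443"
netsh ipsec static add rule name="Block-Ext" policy="%POL%" filterlist="FL-Inbound-Ext" filteraction="FA-Block"
netsh ipsec static add rule name="Allow-443" policy="%POL%" filterlist="FL-Allow-Ext" filteraction="FA-Permit"

rem Assign it (only one IPsec policy can be active at a time) and verify
netsh ipsec static set policy name="%POL%" assign=y
netsh ipsec static show policy name="%POL%" level=verbose
```

Check the verbose output against what you intended, and remember that Windows IPsec exempts some traffic from filtering by default (IKE on UDP 500, and on 2000/XP also Kerberos and broadcast/multicast); the NoDefaultExempt value under HKLM\SYSTEM\CurrentControlSet\Services\IPSEC controls that behaviour.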

-----Original Message-----
From: Matt Kettler [mailto:mkettler at ...4108...] 
Sent: Tuesday, April 15, 2003 3:10 PM
To: Junaid; snort-users at lists.sourceforge.net
Subject: Re: {SPAM} [Snort-users] Still Help Needed: i want to make a
firewall


First perhaps you'd get more answers by not flooding the list with 
duplicate posts. (5 more-or-less identical posts in 5 hours is *really* 
rude, to the point that if you keep it up you'll likely find your mail 
filtered to my trash can automatically)

First, it sounds like what you really want is a firewall... if your rules 
are simple, get a firewall software... snort is not a firewall, although 
tools like hogwash can be used to re-configure your firewall based on more 
complex snort rules. Even if you want to use snort as part of your network 
protection, you need a firewall for it to talk to first.

Most Unix operating systems come with a packet filtering firewall package 
of some sort (IPTables, IPF, PF, etc) and more recent ones are stateful 
too. Windows does NOT come with any such tool. Yes, it has a trivial 
"internet security" filter, but it's strictly port based and is not 
particularly flexible.

There are third-party packages for windows, most notably checkpoint's 
Firewall1, but they cost money.

As for hogwash, as far as I know hogwash is a very unix-oriented tool. I'm 
fairly sure it relies on the built-in packet filtering services that the OS 
provides. Since windows has no such built in feature, hogwash can't be made 
to support it.

Even though hogwash is unix specific, snortsam is not, and it does have the 
ability to work with checkpoint's firewall1.

http://www.snortsam.net


If you really want the source for hogwash, it's available here:

http://hogwash.sourceforge.net/download.html




At 10:46 AM 4/15/2003 -0700, you wrote:

>i HAVE To work in windows platform preferably win2k
>and ...
>
>i want to make a firewall for a network. say i have
>two interfaces (NICs) on a PC one connected to my
>private network and other to the internet. can i use libpcap/wpcap to 
>capture all the packets and then filter all the packets according to 
>some user defined rules and then drop the packets violating any rule
>while letting others go. currently i know that
>libpcap/wpcap can only be used to sniff packets but
>cannot block packets going into the IP stack of an OS.
>i want that i be able to block all the packets and let
>go (into the protocol stack) only the packets which
>do not violate any rules hence making a packet
>filtering firewall.
>
>can anyone tell me how to achieve this with pcap or
>with anything else.
>
>can i get the source code for hogwash for windows...?
>
>need an urgent reply please.
>



_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users