[Snort-users] Snort stops logging
pauls at ...6838...
Fri Jul 2 08:14:07 EDT 2004
--On Friday, July 02, 2004 11:36:06 AM +0200 Ralf Eberle
<iceman at ...12061...> wrote:
> I have included my ruleset below. I need to say that this is my first
> firewall setup and my first own rules.
Before you set up a firewall, you need to decide what your goal is. Are
you aware that your firewall has a default "allow all" policy? In general,
when setting up a host-based firewall, a "deny all" default policy is
preferred. This ensures that only the things you allow to pass in will do
> Thanks in advance for your help.
> Ralf Eberle
> Here is my ruleset:
> 20000 0 0 check-state
> 20000 95554 9313534 allow ip from any to any via lo0
Immediately after this rule, you should have one that allows all traffic to
pass to the NIC that snort is listening on. Something like this:
20001 allow ip from any to any via xl0
Do you have two NICs in this machine? One for snort to listen on, and one
for "normal" traffic?
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member