[Snort-users] snort-inline and iptables INPUT chain

Laurent Haond lhaond at ...13100...
Tue Mar 1 07:53:18 EST 2005


Victor Julien wrote:

> Hmmm, the only thing I can think of is that you forgot to queue the traffic on
> the OUTPUT chain.
>
>> Reading older posts, I do not really understand if snort-inline does only
>> work with the FORWARD chain ?
>
> No it works on the other chains as well.
>
>> so do I need to replace all "-j ACCEPT" with "-j QUEUE" only for FORWARD
>> chain ?
>> Or is it a problem/option missing on stream4 preprocessor, or a problem
>> with ip_conntrack ?
>
> Can you show us the iptables rules?
>
> Regards,
> Victor
I've made tests with very simple iptables rules (after flushing all rules 
in filter / mangle and also trying a reboot) :

    # flush the three built-in filter chains
    iptables -F INPUT
    iptables -F OUTPUT
    iptables -F FORWARD
    # hand every packet to snort-inline through ip_queue
    iptables -A INPUT   -j QUEUE
    iptables -A FORWARD -j QUEUE   # not needed, this is a direct connection
    iptables -A OUTPUT  -j QUEUE

I still can't connect with ssh, but I can see an established connection 
on port 22 when looking in /proc/net/ip_conntrack
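As an added diagnostic example (not from the thread, and not part of snort-inline or iptables), a small POSIX sh helper for the two checks a rule set like the one above needs: that every "-A" chain name is a real built-in chain, since iptables rejects a misspelled chain and that direction is then never queued at all, and that the ip_queue module has a user-space reader attached, because packets sent to QUEUE with no reader are dropped, which gives exactly "conntrack sees the connection, but ssh never completes". The /proc/net/ip_queue layout (a "Peer PID" line) is assumed from the 2.4 ip_queue module, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added helper: sanity-check "-j QUEUE" rules and the ip_queue reader.

# Return 0 if $1 is a built-in filter-table chain name, 1 otherwise.
valid_chain() {
  case "$1" in
    INPUT|OUTPUT|FORWARD) return 0 ;;
    *) return 1 ;;
  esac
}

# Read iptables command lines on stdin and print every "-A <chain>"
# argument that is not a valid chain (iptables would reject that rule).
bad_chains() {
  while read -r line; do
    set -- $line
    while [ $# -gt 0 ]; do
      if [ "$1" = "-A" ] && [ -n "$2" ]; then
        valid_chain "$2" || echo "$2"
        shift
      fi
      shift
    done
  done
}

# Extract the reader PID from /proc/net/ip_queue-style text on stdin
# (assumed layout: "Peer PID          : 1234"). Prints 0 when no
# user-space process (snort-inline) has attached to the queue.
ipq_peer_pid() {
  awk -F: '/^Peer PID/ { gsub(/ /, "", $2); print $2; found = 1 }
           END { if (!found) print 0 }'
}

# Constructed samples: a rule set with a misspelled chain, and an
# ip_queue snapshot taken while nothing is reading the queue.
SAMPLE_RULES='iptables -A INPUT -j QUEUE
iptables -A FORWARD -j QUEUE
iptables -A OUPUT -j QUEUE'
SAMPLE_IPQ='Peer PID          : 0
Copy mode         : 0
Queue length      : 0'

# Stand-alone run: prints the bad chain name, then the reader PID (0).
printf '%s\n' "$SAMPLE_RULES" | bad_chains
printf '%s\n' "$SAMPLE_IPQ" | ipq_peer_pid
```

On a live host, feed `cat /proc/net/ip_queue | ipq_peer_pid` and `iptables-save | bad_chains` to the same functions; a PID of 0 means the QUEUE rules are dropping traffic because snort-inline is not attached.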

BTW, kernel is 2.4.27 / iptables 1.2.11 with some patch-o-matic 
extension applied.

Any ideas ?

Regards

Laurent
