[Snort-users] snort-inline and iptables INPUT chain
lhaond at ...13100...
Tue Mar 1 07:53:18 EST 2005
Victor Julien wrote:
>Hmmm, the only thing I can think of is that you forgot to queue the traffic on
>the OUTPUT chain.
>>Reading older posts, I do not really understand if snort-inline only
>>works with the FORWARD chain?
>No it works on the other chains as well.
>>so do I need to replace all "-j ACCEPT" with "-j QUEUE" only for FORWARD
>>Or is it a problem/option missing on the stream4 preprocessor, or a problem
>>with ip_conntrack?
>Can you show us the iptables rules?
I've tested with very simple iptables rules (after flushing all filter / mangle
rules, and also tried a reboot):
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -A INPUT -j QUEUE
iptables -A FORWARD -j QUEUE # (not needed, this is a direct connection)
iptables -A OUTPUT -j QUEUE
I still can't connect with ssh, but I can see an established connection
on port 22 when looking in /proc/net/ip_conntrack.
BTW, kernel is 2.4.27 / iptables 1.2.11 with some patch-o-matic.
Any ideas?
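The suspicion raised above (a chain that never hands packets to snort-inline) is easy to check mechanically. The following is an added example, not code from the list post or from snort-inline: it reads `iptables-save` text and reports, for INPUT, FORWARD and OUTPUT, any ACCEPT rule that fires before an unconditional QUEUE, or the absence of such a QUEUE. The sample dump is constructed: the poster's three QUEUE rules plus two typical accidental bypasses.

```python
from typing import Dict, List, Tuple

# Constructed sample dump (not from the post): loopback ACCEPT on INPUT and ssh ACCEPT on OUTPUT bypass QUEUE.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j QUEUE
-A FORWARD -j QUEUE
-A OUTPUT -p tcp --sport 22 -j ACCEPT
-A OUTPUT -j QUEUE
COMMIT
"""

def parse_filter(dump: str) -> Tuple[Dict[str, str], Dict[str, List[Tuple[str, str]]]]:
    """Return (chain policies, chain rules as (match, target)) for the filter table only."""
    policy, rules = {}, {}
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):                    # "*filter", "*nat", ...
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":"):                  # ":INPUT ACCEPT [0:0]"
            name, pol = line[1:].split()[:2]
            policy[name], rules[name] = pol, []
        elif line.startswith("-A "):                # "-A CHAIN <match> -j TARGET"
            head, _, target = line.partition(" -j ")
            _, chain, *match = head.split()
            rules.setdefault(chain, []).append((" ".join(match), target.split()[0] if target else ""))
    return policy, rules

def queue_bypasses(dump: str, chains=("INPUT", "FORWARD", "OUTPUT")) -> Dict[str, List[str]]:
    """Per chain, list how a packet can avoid QUEUE; an empty list means everything is inspected."""
    policy, rules = parse_filter(dump)
    findings: Dict[str, List[str]] = {}
    for chain in chains:
        issues: List[str] = []
        for n, (match, target) in enumerate(rules.get(chain, []), 1):
            if target == "QUEUE" and not match:
                break                               # unconditional QUEUE: the rest is inspected
            if target == "ACCEPT":                  # terminating before QUEUE: skips snort-inline
                issues.append(f"rule {n}: '{match or 'any'} -j ACCEPT' skips QUEUE")
        else:                                       # loop ran out without an unconditional QUEUE
            issues.append(f"no unconditional QUEUE; policy {policy.get(chain, '?')} applies")
        findings[chain] = issues
    return findings
```

Feed it the live ruleset with `iptables-save` and look for any chain whose list is not empty; the poster's flushed ruleset yields empty lists for all three chains.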