[Snort-users] snort-inline and iptables INPUT chain

Will Metcalf william.metcalf at ...11827...
Tue Mar 1 18:19:02 EST 2005


hmmm what does your snort_inline.conf look like?  What version of
snort-inline are you using?

Regards,

Will


On Tue, 01 Mar 2005 16:50:11 +0100, Laurent Haond <lhaond at ...13100...> wrote:
> 
> 
> Victor Julien a écrit :
> 
> >
> >Hmmm, the only thing i can think of is that you forgot to queue the traffic on
> >the OUTPUT chain.
> >
> >
> >
> >>Reading older posts, i do not really understand if sort-inline does only
> >>work with the FORWARD chain ?
> >>
> >>
> >
> >No it works on the other chains as well.
> >
> >
> >
> >>so do i need to replace all "-j ACCEPT" with "-j QUEUE" only for FORWARD
> >>chain ?
> >>Or is it a problem/option missing on stream4 preprocessor, or a probleme
> >>with ip_conntrack ?
> >>
> >>
> >
> >Can you show us the iptables rules?
> >
> >Regards,
> >Victor
> >
> >
> >
> I've made test with very simple iptables rules (after flushing all rules
> filter / mangles and also tried a reboot) :
> iptables -F INPUT
> iptables -F OUPUT
> iptables -F FORWARD
> iptables -A INPUT  -j QUEUE
> iptables -A FORWARD -j QUEUE # (not needed this is a direct connection)
> iptables -A OUPUT -j QUEUE
> 
> I still can't connect with ssh, but can i see an established connection
> on port 22 when looking in /proc/net/ip_conntrack
> 
> BTW, kernel is 2.4.27 / iptables 1.2.11 with some patch-o-matic
> extension applied.
> 
> Any ideas ?
> 
> Regards
> 
> Laurent
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list