[Snort-users] using Snort to audit the firewall

Luis Daniel Lucio Quiroz luis.daniel.lucio at ...11827...
Mon Jun 14 17:43:04 EDT 2010


I guess you may do something like this:

-A FORWARD... rules -j DROP
-A FORWARD... rules -j QUEUE


Your Snort shouldn't get any drop rules.

On Monday 14 June 2010 16:36:43, Cristian Grigoriu wrote:
> Hi guys,
> 
> I have deployed a firewall using iptables. I would like to employ Snort
> to audit the firewall by logging any packet which was not supposed to
> get through the firewall but somehow has escaped.
> 
> 4 days ago I posted this question to the Snort Newbie forum:
> 
> https://forums.snort.org/forums/snort-newbies/topics/using-snort-to-audit-my-own-firewalls
> 
> How can I achieve this? Is this even possible?
> 
> Thank you,
> 
> Cristian Grigoriu
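The ordering suggested in the reply (DROP rules first, QUEUE afterwards) can be checked mechanically, because iptables evaluates a chain top to bottom and both DROP and QUEUE end traversal for the packets they match. The following is an added example, not part of the original thread: it parses iptables-save style output and lists DROP rules that sit after a QUEUE rule. The sample ruleset is constructed, the function names are hypothetical, and NFQUEUE is accepted as well as the QUEUE target named in the reply.

```python
import shlex

# Constructed sample in iptables-save format; addresses and ports are made up.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --dport 23 -j DROP
-A FORWARD -s 192.0.2.0/24 -j QUEUE
-A FORWARD -p udp -m udp --dport 161 -j DROP
-A FORWARD -j QUEUE
COMMIT
"""

INSPECT_TARGETS = {"QUEUE", "NFQUEUE"}  # targets that hand packets to userspace


def chain_targets(ruleset, chain="FORWARD", table="filter"):
    """Return [(position, target, rule)] for the -A rules of one chain."""
    rules, current = [], "filter"  # bare `iptables -S` output has no *table line
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = line[1:]
            continue
        if current != table or not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        if tokens[1] != chain:
            continue
        target = None
        for flag in ("-j", "--jump"):
            if flag in tokens[:-1]:
                target = tokens[tokens.index(flag) + 1]
        rules.append((len(rules) + 1, target, line))
    return rules


def drops_after_queue(ruleset, chain="FORWARD"):
    """Return [(position, rule)] for DROP rules that follow a QUEUE/NFQUEUE rule."""
    seen_queue, late = False, []
    for pos, target, line in chain_targets(ruleset, chain):
        if target in INSPECT_TARGETS:
            seen_queue = True
        elif target == "DROP" and seen_queue:
            late.append((pos, line))
    return late


if __name__ == "__main__":
    for pos, line in drops_after_queue(SAMPLE_RULES):
        print(f"rule {pos} is a DROP placed after a QUEUE rule: {line}")
```

Any rule it reports is a DROP that packets matching an earlier QUEUE rule never reach, so Snort sees that traffic before the firewall has had the chance to discard it.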