[Shorewall-users] Shorewall and an inline IDS (snort-inlineorhogwash)

Thibodeau, Jamie L. jthibodeau at ou.edu
Wed Mar 30 07:25:08 PST 2005

You are awesome!!!!

-----Original Message-----
From: shorewall-users-bounces at lists.shorewall.net
[mailto:shorewall-users-bounces at lists.shorewall.net] On Behalf Of Tom
Sent: Wednesday, March 30, 2005 9:11 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] Shorewall and an inline IDS

Tom Eastep wrote:
> Thibodeau, Jamie L. wrote:
>>I made an attempt to run snort_inline and shorewall on the same system 
>>but I could not get snort to see the packets.
>>Maybe someone with a little more iptables knowledge could tell me what
>>I'm doing wrong or if it's possible to have the systems setup so that 
>>it places packets that the firewall would allow into QUEUE.
> There is no way to do that currently with Shorewall.

However, it only took a few lines of code to make it possible.

In CVS (Shorewall/) you will find a 'firewall' script that allows QUEUE
as a policy in /etc/shorewall/policies. That, together with the QUEUE
action in the rules file, should allow you to do what you want.

The change is based on version 2.2.2 and will be included in 2.2.3 which
will come out in a couple of weeks.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Shorewall-users mailing list
Post: Shorewall-users at lists.shorewall.net
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm
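The quoted message says that with the updated 'firewall' script you can set QUEUE as a policy and use the QUEUE action in rules, so that packets Shorewall would otherwise ACCEPT are handed to the ip_queue target and read by snort_inline. What it does not show is how to confirm, after `shorewall restart`, that traffic is really reaching QUEUE. The script below is an added example written for this archive page; it is not from the thread or from the Shorewall project. It assumes the standard file names of a 2.2.x install (/etc/shorewall/policy and /etc/shorewall/rules; the message calls the first one "policies"), and it assumes the column layout of `iptables -L -n -v` output, which is also what `shorewall show` prints. The iptables listing embedded in it is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): verify that Shorewall is handing
# packets to the QUEUE target so an inline IDS such as snort_inline can see them.
#
# Assumed Shorewall 2.2.3+ configuration (file names from a stock install):
#   /etc/shorewall/policy :  loc    net    QUEUE        # whole-zone policy
#   /etc/shorewall/rules  :  QUEUE  loc    net  tcp  80 # or per-rule action
# snort_inline is assumed to be started in ip_queue mode (e.g. snort_inline -Q)
# BEFORE the firewall is restarted; packets that reach QUEUE with no reader
# are dropped by the kernel, which is the classic "nothing gets through" symptom.

# Constructed sample of `iptables -L -n -v` output for one Shorewall chain.
# Real output comes from:  iptables -L -n -v   or   shorewall show
sample_iptables_output() {
    cat <<'EOF'
Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
   42  3360 QUEUE      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
  150 12000 QUEUE      all  --  *      *       0.0.0.0/0            0.0.0.0/0
    7   560 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Number of rules whose target is QUEUE. Zero means the QUEUE policy/action
# never made it into the ruleset (old firewall script, or a typo in the files).
count_queue_rules() {
    awk '$3 == "QUEUE" { n++ } END { print n + 0 }' "${1:-/dev/stdin}"
}

# Sum of the packet counters on all QUEUE rules. iptables -v abbreviates large
# counters with K/M/G (multiples of 1000), so those suffixes are expanded.
# Rules present but a counter stuck at zero means traffic is not matching them.
count_queue_packets() {
    awk '
        function num(v,   n) {
            n = v + 0
            if (v ~ /K$/) n *= 1000
            else if (v ~ /M$/) n *= 1000000
            else if (v ~ /G$/) n *= 1000000000
            return n
        }
        $3 == "QUEUE" { sum += num($1) }
        END { print sum + 0 }
    ' "${1:-/dev/stdin}"
}

# Stand-alone run: inspect the constructed sample. On a live firewall, pipe
# real output instead:  iptables -L -n -v | count_queue_packets
sample_iptables_output | {
    tmp=$(mktemp)
    cat > "$tmp"
    echo "QUEUE rules present : $(count_queue_rules "$tmp")"
    echo "packets sent to QUEUE: $(count_queue_packets "$tmp")"
    rm -f "$tmp"
}
```

A rule count of zero points at the configuration (the QUEUE lines were not accepted by the firewall script), while a non-zero rule count with zero packets points at rule ordering or matching, since Shorewall only sends to QUEUE what it would otherwise have accepted at that point in the chain.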
