[Shorewall-users] Shorewall and an inline IDS (snort-inline or hogwash)

Thibodeau, Jamie L. jthibodeau at ou.edu
Wed Mar 30 08:24:37 PST 2005


2.3.2 does have it.  If you check the --help you'll see a -Q that tells
snort to look at packets from iptables instead of pcap.  Once you have
the shorewall stuff in place and you run snort with -Qv, you will see the
packets that snort sees.

-----Original Message-----
From: shorewall-users-bounces at lists.shorewall.net
[mailto:shorewall-users-bounces at lists.shorewall.net] On Behalf Of
Michael W Cocke
Sent: Wednesday, March 30, 2005 10:15 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] Shorewall and an inline IDS (snort-inline
or hogwash)

On Tue, 29 Mar 2005 19:33:51 -0800 (PST), you wrote:

>If I am not mistaken snort-inline is already in snort
>2.3.2

The executable isn't and the online snort docs don't mention anything
about the capability.

I've got Snort running now in tandem with Shorewall 2.2, but I'm VERY
interested in adding the 'drop packet' capability. As I read the docs,
since Shorewall is essentially using iptables, it should be doable, but
I was hoping to find some more info.  Guess I'll hack around with it
tomorrow and see if I let the smoke out.

Mike-

>
>
>--- Michael W Cocke <cocke at catherders.com> wrote:
>> Is anyone using an inline IDS like hogwash or snort-inline to drop 
>> packets in a system running shoreline?  I _think_ I see how to 
>> configure it, but I'd be really interested in finding a howto or 
>> something...
>> 
>> Thanks!
>> 
>> Mike-
>>  
>> --
>> Mornings:  Evolution in action.  Only the grumpy will survive.
>> --
>> 
>> Please note - Due to the intense volume of spam, we have installed 
>> site-wide spam  filters at catherders.com.  If email from you 
>> bounces, try non-HTML, non-encoded, non-attachments.
>> _______________________________________________
>> Shorewall-users mailing list
>> Post: Shorewall-users at lists.shorewall.net
>> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
>> Support: http://www.shorewall.net/support.htm
>> FAQ: http://www.shorewall.net/FAQ.htm
>> 
