From: Tom E. <te...@sh...> - 2005-03-30 15:11:11
Tom Eastep wrote:
> Thibodeau, Jamie L. wrote:
>
>> I made an attempt to run snort_inline and shorewall on the same system
>> but I could not get snort to see the packets.
>>
>> Maybe someone with a little more iptables knowledge could tell me what
>> I'm doing wrong or if it's possible to have the systems set up so that it
>> places packets that the firewall would allow into QUEUE.
>>
>
> There is no way to do that currently with Shorewall.
>

However, it only took a few lines of code to make it possible. In CVS (Shorewall/) you will find a 'firewall' script that allows QUEUE as a policy in /etc/shorewall/policies. That, together with the QUEUE action in the rules file, should allow you to do what you want.

The change is based on version 2.2.2 and will be included in 2.2.3 which will come out in a couple of weeks.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key