From: Ken G. <ken...@ro...> - 2005-07-11 20:30:10

right. run snort inline like this:

snort -D -c /etc/snort_inline.conf -Q -l /var/log/snort_inline -t /var/log/snort_inline

D = daemon
c = config
Q = queue mode
l = logs
t = chroot dir

since I'm a bridge I have iptables IN/OUT for accept and FORWARD is QUEUE. but what you have will work too for a standard firewall system.

ozgur uncuoglu wrote:

> my English is not perfect. I say using "only" iptables rules is not
> enough to provide more security. packet filtering does not stop hackers :(
>
> compile snort_inline
> add ip_queue module
> setup some snort rules
> iptables -A INPUT -j QUEUE
> start snort_inline
>
> after this, all incoming packets should pass through IPS.
> does this work?
>
> Ken Garland wrote:
>
>>saying snort_inline is more powerful than iptables is like saying a
>>peanut butter and jelly sandwich tastes better without the jelly. it's
>>just a peanut butter sandwich at that point, much like snort_inline
>>without iptables is just snort IDS, not IPS.
>>
>>You must have both as snort inline feeds off iptables queue.
>>
>>compile iptables and queue into your kernel, or make modules. I use a
>>bridging system so that needs to be compiled in as well.
>>
>>then simply set up iptables for queuing and compile snort_inline, set up
>>some rules and you are done. sounds simple? well of course there will be
>>some snags during the event but I have not run across a 'howto' to walk
>>people through it just yet.
>>
>>oun...@is... wrote:
>>
>>>sorry about my previous message.
>>>
>>>I need a full document about installing snort-inline on my Debian
>>>box, additionally configuring with iptables and ip_queue. I think
>>>snort-inline is more powerful than writing iptables rules and I'm going
>>>to install it for a gateway machine without web server, mysql, ftp etc. It
>>>just serves corporate users to access the internet.
>>>
>>>thanks
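
Added example, not part of the thread: a small shell check over `iptables -S` output that confirms a chain really hands its traffic to the queue that snort_inline reads with -Q, for the bridge layout above (FORWARD queued) or the gateway variant (INPUT queued). The function name, the verdict words and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` text for the QUEUE layout from the thread.

# Constructed sample: bridge layout (INPUT/OUTPUT accept, FORWARD queued).
SAMPLE_BRIDGE='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -j QUEUE'

# Constructed sample: a rule ahead of QUEUE lets some traffic skip inspection.
SAMPLE_BYPASS='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j QUEUE'

# audit_queue CHAIN: read `iptables -S` text on stdin, print one verdict:
#   ok      - an unconditional "-j QUEUE" exists and no ACCEPT rule precedes it
#   bypass  - an ACCEPT rule sits before QUEUE, so that traffic never
#             reaches snort_inline
#   missing - the chain never jumps to QUEUE (snort_inline sees nothing)
audit_queue() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            if (target == "ACCEPT" && !queued) early = 1
            if (target == "QUEUE" && NF == 4) queued = 1
        }
        END {
            if (!queued) print "missing"
            else if (early) print "bypass"
            else print "ok"
        }'
}

# On a live box (root required): iptables -S | audit_queue FORWARD
# Start snort_inline before adding the QUEUE rule: the QUEUE target drops
# packets when no userspace program is reading the queue.
```
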