From: Chris D. <ch...@ch...> - 2004-11-21 15:48:19
William Metcalf wrote:

> Chris,
>
> Bridges, we don't need no stinking bridges ;-). Take a look at Rob McMillen's rc.firewall script as an example of how to run in NAT mode. Link included, sorry about the bad joke, I'm feeling very odd today.
>
> http://www.honeynet.org/tools/dcontrol/rc.firewall

I'm going to have to do some more digging into how snort-inline works. All of my firewalls are "inline" to the network, but they are layer 3 instead of layer 2 devices. I currently use FWBuilder to build the IPTables rules, SnortCenter and Acid for frontends to Snort, and Guardian to make the firewall adaptive. All of this on Debian Sarge. It would be wonderful if there was a Debian package for Snort-Inline. I am running my own compiled sources of iptables and my own custom kernels.

The only thing that I liked about the NetScreen firewalls was their ability to stop the attack before it exited the device. Now that I found out about Snort-Inline, I can have the same protection the NetScreen offers, but better.

Now I have a few questions, since documentation seems a bit sparse at this point.

1) Can Snort-Inline act as a replacement for Snort? I'm thinking that this is the case because it appears that the Snort distribution is patched for Inline support. If not, do I need to run Snort and Snort-Inline?

2) It appears that I'm going to have to add additional iptables rules to my firewall config that fwbuilder builds. Is this the case, or will Snort-Inline just insert itself in the netfilter traversal of packets once I have the necessary compiled modules in netfilter?

3) It would seem to me that the Snort and Netfilter communities would be banging down your doors to get this code mainstream as default installs for all Linux firewalls. Is the interest there yet? It took me some digging to find out this software even existed.

I think that's all I have for now. I'm sure I'm going to have more questions later. :)

Chris
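Question 2 above asks whether snort_inline inserts itself into the netfilter path on its own. It does not: the kernel only hands packets to a userspace process when an iptables rule sends them to the QUEUE target (served by the ip_queue module), which is what the honeynet rc.firewall does on the FORWARD chain. The script below is an added example written for this thread, not code from the post or from the rc.firewall script; the interface names are assumed placeholders, and DRY_RUN is an added convenience for printing the rules instead of applying them.

```shell
#!/bin/sh
# Added example: minimal iptables rules that divert forwarded traffic to
# userspace so that snort_inline (started with its queue mode, -Q) can
# inspect and drop packets before they leave the firewall.
# Assumes a kernel with the ip_queue module and an iptables build that has
# the QUEUE target. LAN_IF and WAN_IF are assumed placeholder interface names.
set -e

LAN_IF="${LAN_IF:-eth1}"   # assumed inside interface
WAN_IF="${WAN_IF:-eth0}"   # assumed outside interface
DRY_RUN="${DRY_RUN:-0}"    # 1 = print the commands instead of running them

# Run a command, or print it when DRY_RUN=1, so the rule set can be
# reviewed on a workstation that has no netfilter.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emit (or apply) the rules that make snort_inline part of the packet path.
snort_inline_rules() {
    # The QUEUE target needs the ip_queue kernel module loaded first.
    run modprobe ip_queue

    # Every packet forwarded between the two interfaces is queued to
    # userspace; the FWBuilder-generated accept/deny rules stay as they are,
    # these are appended after them. With ip_queue, packets sent to QUEUE are
    # dropped by the kernel while no userspace reader has the queue open, so
    # stopping snort_inline fails closed rather than open.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j QUEUE
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -j QUEUE
}
```

Review the output with `DRY_RUN=1 LAN_IF=eth1 WAN_IF=eth0 sh -c '. ./snort_inline_rules.sh; snort_inline_rules'` before applying it on a live firewall; with DRY_RUN unset the same function calls modprobe and iptables directly and needs root.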