From: <tha...@gb...> - 2005-02-01 06:03:24
I've read from the archives about using iptables with snort-inline and I've some questions to ask.

-- snip --
#
# Start IPTables Queue :
#
echo "Start IPTables Queue Mode ..."
/sbin/modprobe ip_queue
/sbin/iptables -F
# traffic to and from the host itself on lo, eth0 and eth1 is accepted outright
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth1 -j ACCEPT
# everything else is handed to snort_inline through the QUEUE target
/sbin/iptables -A INPUT -j QUEUE
/sbin/iptables -A OUTPUT -j QUEUE
/sbin/iptables -A FORWARD -j QUEUE
# mark new TCP SYNs as 1 and related/established TCP as 2 (state matching needs ip_conntrack)
/sbin/iptables -t mangle -A FORWARD -p tcp --syn -m state --state NEW -j MARK --set-mark 1
/sbin/iptables -t mangle -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j MARK --set-mark 2
# -I puts these at the head of FORWARD, ahead of the catch-all QUEUE rule
/sbin/iptables -I FORWARD -m mark --mark 1 -j QUEUE
/sbin/iptables -I FORWARD -m mark --mark 2 -j QUEUE
-- snip --

This is my setting.

First, Victor said on https://sourceforge.net/mailarchive/forum.php?thread_id=6461942&forum_id=32933 that:

    "You can just use: iptables -A FORWARD -j QUEUE
    This way you send all forwarded traffic to snort_inline, and you won't need ip_conntrack."

Do I have to choose between using ip_conntrack or -j QUEUE? Or is setting iptables like now OK? Because I have a problem when using only "iptables -A FORWARD -j QUEUE": it makes my connection session too short when I connect out to the internet (ssh, irc), and Will told me to use ip_conntrack. I've set it as Will told me, like

    /sbin/iptables -t mangle -A FORWARD -p tcp --syn -m state --state NEW -j MARK --set-mark 1
    /sbin/iptables -t mangle -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j MARK --set-mark 2
    /sbin/iptables -I FORWARD -m mark --mark 1 -j QUEUE
    /sbin/iptables -I FORWARD -m mark --mark 2 -j QUEUE

and it totally solves my problem.

Regards,
Thanasin
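An added example, not part of Thanasin's post or of snort_inline: a small Python model of first-match traversal through the rules in the script above, using the page's interfaces eth0/eth1 and marks 1/2. It assumes only the general netfilter behaviour that the mangle table is consulted before filter, that MARK does not stop traversal and that -I inserts at the head of a chain; it shows that forwarded traffic always reaches QUEUE, while traffic to and from the gateway itself on eth0/eth1 is ACCEPTed before the QUEUE rule and so never reaches snort_inline.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    chain: str
    target: str
    match: dict = field(default_factory=dict)  # conditions, e.g. {"in": "eth0"}
    set_mark: int = 0                          # only meaningful for MARK rules

# Constructed model of the posted script, in the order netfilter evaluates it. "-I FORWARD"
# inserts at the head of the chain, so the mark rules sit ahead of the earlier catch-all QUEUE.
FILTER = [
    Rule("INPUT", "ACCEPT", {"in": "lo"}),
    Rule("INPUT", "ACCEPT", {"in": "eth0"}),
    Rule("INPUT", "ACCEPT", {"in": "eth1"}),
    Rule("INPUT", "QUEUE"),
    Rule("OUTPUT", "ACCEPT", {"out": "lo"}),
    Rule("OUTPUT", "ACCEPT", {"out": "eth0"}),
    Rule("OUTPUT", "ACCEPT", {"out": "eth1"}),
    Rule("OUTPUT", "QUEUE"),
    Rule("FORWARD", "QUEUE", {"mark": 2}),   # inserted last, so checked first
    Rule("FORWARD", "QUEUE", {"mark": 1}),
    Rule("FORWARD", "QUEUE"),
]
# The mangle table is traversed before filter, and MARK does not end traversal.
MANGLE = [
    Rule("FORWARD", "MARK", {"proto": "tcp", "syn": True, "state": "NEW"}, set_mark=1),
    Rule("FORWARD", "MARK", {"proto": "tcp", "state": {"RELATED", "ESTABLISHED"}}, set_mark=2),
]

def matches(rule, pkt):
    """Every condition must equal the packet field (or, for a set, contain it)."""
    return all(pkt.get(k) in v if isinstance(v, set) else pkt.get(k) == v
               for k, v in rule.match.items())

def verdict(chain, pkt):
    """First-match traversal of one chain; returns (target, mark)."""
    pkt = dict(pkt, mark=0)
    for r in MANGLE:
        if r.chain == chain and matches(r, pkt):
            pkt["mark"] = r.set_mark
    for r in FILTER:
        if r.chain == chain and matches(r, pkt):
            return r.target, pkt["mark"]
    return "POLICY", pkt["mark"]  # fell off the chain: the chain policy decides

if __name__ == "__main__":
    # host-bound traffic on eth0 is ACCEPTed before the QUEUE rule; snort_inline never sees it
    print(verdict("INPUT", {"in": "eth0", "proto": "tcp", "state": "NEW"}))  # ('ACCEPT', 0)
    # a forwarded TCP SYN is marked 1 in mangle and then queued from filter FORWARD
    print(verdict("FORWARD", {"in": "eth0", "out": "eth1", "proto": "tcp", "syn": True, "state": "NEW"}))  # ('QUEUE', 1)
```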