From: Alberto Z. <al...@in...> - 2007-07-22 08:43:48
I just tried vuurmuur, a very beautiful system; the ncurses interface can make my life easier: many thanks for the suggestion. I didn't find any reference to any traffic shaping functionality except in the future plans, but at the moment that is not an important feature for me. But the problem is still alive: when a malicious packet goes to snort_inline, it is detected and in the snort_inline-fast log it is marked as dropped (for example: 07/21-10:42:41.215672 [Drop] [**] [1:4626:4] Port 80 connection initiated [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 77.42.112.123:45799 -> 87.238.232.7:80), but it passes through, not dropped. Can someone check the rule application order in the snort_inline log? On my system it is dynamic->pass->drop->sdrop->reject->rejectboth->rejectsrc->rejectdst->alert->log and it seems incorrect. Now this is my iptables -L -n:

Chain INPUT (policy DROP)
target     prot opt source               destination
PRE-VRMR-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth0   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth2   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth3   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth4   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth1   all  --  0.0.0.0/0            0.0.0.0/0
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe ALL '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe SYN-FIN '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe SYN-RST '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe FIN-RST '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe FIN '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe PSH '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe URG '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:! 0x17/0x02 state NEW limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP no SYN '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:! 0x17/0x02 state NEW
LOG        all  -f  0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP FRAG '
DROP       all  -f  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x0/0xff000000 state ESTABLISHED
NEWACCEPT  all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x0/0xff000000 state RELATED
QUEUE      all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x1000000/0xff000000 state ESTABLISHED
NEWQUEUE   all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x1000000/0xff000000 state RELATED
LOG        all  --  0.0.0.0/0            0.0.0.0/0            state INVALID limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP in INVALID '
DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
BLOCKLIST  all  --  0.0.0.0/0            0.0.0.0/0
ANTISPOOF  all  --  0.0.0.0/0            0.0.0.0/0
LOG        tcp  --  87.238.232.0/25      87.238.232.1         tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT inc. http '
NEWACCEPT  tcp  --  87.238.232.0/25      87.238.232.1         tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW
LOG        tcp  --  87.238.232.136/30    87.238.232.137       tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT inc. http '
NEWACCEPT  tcp  --  87.238.232.136/30    87.238.232.137       tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW
LOG        tcp  --  87.238.232.136/30    87.238.232.137       tcp spts:1024:65535 dpt:22 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT incoming ssh '
NEWACCEPT  tcp  --  87.238.232.136/30    87.238.232.137       tcp spts:1024:65535 dpt:22 flags:0x17/0x02 state NEW
LOG        tcp  --  87.238.232.0/25      87.238.232.1         tcp spts:1024:65535 dpt:22 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT incoming ssh '
NEWACCEPT  tcp  --  87.238.232.0/25      87.238.232.1         tcp spts:1024:65535 dpt:22 flags:0x17/0x02 state NEW
NEWACCEPT  all  --  87.238.232.140/30    0.0.0.0/0            state NEW
NEWACCEPT  all  --  87.238.232.136/30    0.0.0.0/0            state NEW
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 30/sec burst 60 LOG flags 0 level 6 prefix `vrmr: DROP in policy '

Chain FORWARD (policy DROP)
target     prot opt source               destination
PRE-VRMR-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth0   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth0   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth2   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth2   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth3   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth3   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth4   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth4   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth1   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth1   all  --  0.0.0.0/0            0.0.0.0/0
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe ALL '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe SYN-FIN '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe SYN-RST '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe FIN-RST '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe FIN '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe PSH '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe URG '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:! 0x17/0x02 state NEW limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP no SYN '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:! 0x17/0x02 state NEW
LOG        all  -f  0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP FRAG '
DROP       all  -f  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x0/0xff000000 state ESTABLISHED
NEWACCEPT  all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x0/0xff000000 state RELATED
QUEUE      all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x1000000/0xff000000 state ESTABLISHED
NEWQUEUE   all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x1000000/0xff000000 state RELATED
LOG        all  --  0.0.0.0/0            0.0.0.0/0            state INVALID limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP fw INVALID '
DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
BLOCKLIST  all  --  0.0.0.0/0            0.0.0.0/0
ANTISPOOF  all  --  0.0.0.0/0            0.0.0.0/0
LOG        icmp --  0.0.0.0/0            87.238.232.7         icmp type 8 code 0 state NEW LOG flags 0 level 6 prefix `vrmr: QUEUE '
NEWQUEUE   icmp --  0.0.0.0/0            87.238.232.7         icmp type 8 code 0 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.7         tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: QUEUE '
NEWQUEUE   tcp  --  0.0.0.0/0            87.238.232.7         tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.7         tcp spts:1024:65535 dpt:22 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.7         tcp spts:1024:65535 dpt:22 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpt:21 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpt:21 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpt:443 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpt:443 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpt:443 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpt:443 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpt:21 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpt:21 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW
NEWACCEPT  all  --  87.238.232.140/30    0.0.0.0/0            state NEW
NEWACCEPT  all  --  87.238.232.136/30    0.0.0.0/0            state NEW
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 30/sec burst 60 LOG flags 0 level 6 prefix `vrmr: DROP fw policy '

Chain OUTPUT (policy DROP)
target     prot opt source               destination
PRE-VRMR-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth0   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth2   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth3   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth4   all  --  0.0.0.0/0            0.0.0.0/0
ACC-eth1   all  --  0.0.0.0/0            0.0.0.0/0
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe ALL '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe SYN-FIN '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe SYN-RST '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe FIN-RST '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe FIN '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe PSH '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20 limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP probe URG '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:! 0x17/0x02 state NEW limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP no SYN '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:! 0x17/0x02 state NEW
LOG        all  -f  0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP FRAG '
DROP       all  -f  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x0/0xff000000 state ESTABLISHED
NEWACCEPT  all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x0/0xff000000 state RELATED
QUEUE      all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x1000000/0xff000000 state ESTABLISHED
NEWQUEUE   all  --  0.0.0.0/0            0.0.0.0/0            MARK match 0x1000000/0xff000000 state RELATED
LOG        all  --  0.0.0.0/0            0.0.0.0/0            state INVALID limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP out INVALID '
DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
BLOCKLIST  all  --  0.0.0.0/0            0.0.0.0/0
ANTISPOOF  all  --  0.0.0.0/0            0.0.0.0/0
LOG        icmp --  0.0.0.0/0            87.238.232.7         icmp type 8 code 0 state NEW LOG flags 0 level 6 prefix `vrmr: QUEUE '
NEWQUEUE   icmp --  0.0.0.0/0            87.238.232.7         icmp type 8 code 0 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.7         tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: QUEUE '
NEWQUEUE   tcp  --  0.0.0.0/0            87.238.232.7         tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.7         tcp spts:1024:65535 dpt:22 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.7         tcp spts:1024:65535 dpt:22 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpt:21 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpt:21 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpt:443 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpt:443 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.18        tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpt:443 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpt:443 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpt:21 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpt:21 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            87.238.232.22        tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpts:80:81 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:21 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:21 flags:0x17/0x02 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:443 flags:0x17/0x02 state NEW LOG flags 0 level 6 prefix `vrmr: ACCEPT '
NEWACCEPT  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:443 flags:0x17/0x02 state NEW
NEWACCEPT  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:53 flags:0x17/0x02 state NEW
NEWACCEPT  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:53 dpt:53 flags:0x17/0x02 state NEW
NEWACCEPT  udp  --  0.0.0.0/0            0.0.0.0/0            udp spts:1024:65535 dpt:53 state NEW
NEWACCEPT  udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53 dpt:53 state NEW
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 30/sec burst 60 LOG flags 0 level 6 prefix `vrmr: DROP out policy '

Chain ACC-eth0 (4 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ACC-eth1 (4 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ACC-eth2 (4 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ACC-eth3 (4 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ACC-eth4 (4 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ANTISPOOF (3 references)
target     prot opt source               destination
LOG        all  --  10.0.0.0/8           0.0.0.0/0            limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `vrmr: DROP spoof class-a '
DROP       all  --  10.0.0.0/8           0.0.0.0/0
LOG        all  --  0.0.0.0/0            10.0.0.0/8           limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `vrmr: DROP spoof class-a '
DROP       all  --  0.0.0.0/0            10.0.0.0/8

Chain BLOCK (0 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP BLOCKED '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain BLOCKLIST (3 references)
target     prot opt source               destination

Chain NEWACCEPT (32 references)
target     prot opt source               destination
SYNLIMIT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
UDPLIMIT   udp  --  0.0.0.0/0            0.0.0.0/0            state NEW
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain NEWQUEUE (7 references)
target     prot opt source               destination
SYNLIMIT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
UDPLIMIT   udp  --  0.0.0.0/0            0.0.0.0/0            state NEW
QUEUE      all  --  0.0.0.0/0            0.0.0.0/0

Chain PRE-VRMR-FORWARD (1 references)
target     prot opt source               destination

Chain PRE-VRMR-INPUT (1 references)
target     prot opt source               destination

Chain PRE-VRMR-OUTPUT (1 references)
target     prot opt source               destination

Chain SYNLIMIT (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 20
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP SYNLIMIT reach. '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain TCPRESET (0 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp reject-with tcp-reset
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain UDPLIMIT (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 15/sec burst 45
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 2 LOG flags 0 level 6 prefix `vrmr: DROP UDPLIMIT reach. '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Bye,
Alberto

On Fri, 20/07/2007 at 14.20 -0400, Francisco Muñoz wrote:
> Shorewall is not compatible with snort-inline. That's it. If you have
> to use a high-level interface to iptables, try Victor Julien's
> Vuurmuur. http://vuurmuur.sourceforge.net/ It's excellent and
> integrates quite well with snort-inline.
>
> --
> Cheers,
> Francisco
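Added example, not part of this thread and not code from vuurmuur or snort_inline: a small first-match walker over a constructed subset of the FORWARD chain in the listing above, used as a desk check of which rule a given packet actually reaches. The question behind the thread is whether the traffic snort_inline reports on is even passing through the QUEUE target; the walker answers that for the filter table alone. Only the mark/state rules, the 87.238.232.7 and 87.238.232.18 rules and the final LOG are modelled (the probe, ACC-ethN, BLOCKLIST and ANTISPOOF rules are left out as irrelevant to the verdict), and SYNLIMIT is modelled as a plain RETURN, which is what its limit rule does under normal load. The packets are constructed after the addresses in the snort_inline-fast log line; nothing here is real traffic.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

BUILTIN = {"INPUT", "FORWARD", "OUTPUT"}          # chains that end in a policy
TERMINAL = {"ACCEPT", "DROP", "QUEUE", "REJECT"}  # verdicts that end evaluation


@dataclass
class Rule:
    target: str
    proto: str = "all"                        # "all", "tcp", "udp" or "icmp"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: Optional[Tuple[int, int]] = None  # inclusive destination-port range
    state: Optional[str] = None               # conntrack state match, e.g. "NEW"
    mark: Optional[Tuple[int, int]] = None    # (value, mask) of "MARK match value/mask"


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    state: str
    mark: int = 0                             # packet mark as seen by the filter table


def matches(rule: Rule, pkt: Packet) -> bool:
    """All criteria on one rule are AND-ed, as iptables does."""
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dports is not None and not rule.dports[0] <= pkt.dport <= rule.dports[1]:
        return False
    if rule.state is not None and rule.state != pkt.state:
        return False
    if rule.mark is not None and (pkt.mark & rule.mark[1]) != rule.mark[0]:
        return False
    return True


def walk(chains: Dict[str, List[Rule]], chain: str, pkt: Packet,
         trail: Optional[List[str]] = None) -> Tuple[str, List[str]]:
    """First-match traversal of `chain`, descending into user-defined chains.
    Returns (verdict, trail); trail lists every rule that matched, in order."""
    if trail is None:
        trail = []
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        trail.append(f"{chain}:{rule.target}")
        if rule.target in TERMINAL or rule.target == "RETURN":
            return rule.target, trail
        if rule.target == "LOG":
            continue                          # LOG is non-terminating
        verdict, trail = walk(chains, rule.target, pkt, trail)
        if verdict != "RETURN":
            return verdict, trail             # the user chain decided; propagate it
    # Chain exhausted: a built-in chain falls through to its policy (DROP on
    # this firewall), a user-defined chain returns to its caller.
    return ("DROP" if chain in BUILTIN else "RETURN"), trail


# Constructed subset of the FORWARD chain from the listing, in the same order.
CHAINS: Dict[str, List[Rule]] = {
    "FORWARD": [
        Rule("ACCEPT",    state="ESTABLISHED", mark=(0x0, 0xff000000)),
        Rule("NEWACCEPT", state="RELATED",     mark=(0x0, 0xff000000)),
        Rule("QUEUE",     state="ESTABLISHED", mark=(0x1000000, 0xff000000)),
        Rule("NEWQUEUE",  state="RELATED",     mark=(0x1000000, 0xff000000)),
        Rule("DROP",      state="INVALID"),
        Rule("LOG",       proto="tcp", dst="87.238.232.7",  dports=(80, 81), state="NEW"),
        Rule("NEWQUEUE",  proto="tcp", dst="87.238.232.7",  dports=(80, 81), state="NEW"),
        Rule("NEWACCEPT", proto="tcp", dst="87.238.232.7",  dports=(22, 22), state="NEW"),
        Rule("NEWACCEPT", proto="tcp", dst="87.238.232.18", dports=(80, 81), state="NEW"),
        Rule("NEWACCEPT", src="87.238.232.140/30", state="NEW"),
        Rule("LOG"),                          # "vrmr: DROP fw policy", then policy DROP
    ],
    "NEWQUEUE":  [Rule("SYNLIMIT", proto="tcp"), Rule("QUEUE")],
    "NEWACCEPT": [Rule("SYNLIMIT", proto="tcp"), Rule("ACCEPT")],
    "SYNLIMIT":  [Rule("RETURN")],            # limit rule RETURNs under normal load
}


def forward_verdict(pkt: Packet) -> str:
    return walk(CHAINS, "FORWARD", pkt)[0]


if __name__ == "__main__":
    probes = [  # constructed packets modelled on the flow in the snort_inline log line
        Packet("tcp", "77.42.112.123", "87.238.232.7", 80, "NEW"),
        Packet("tcp", "77.42.112.123", "87.238.232.7", 80, "ESTABLISHED"),
        Packet("tcp", "77.42.112.123", "87.238.232.7", 80, "ESTABLISHED", mark=0x1000000),
        Packet("tcp", "77.42.112.123", "87.238.232.7", 443, "NEW"),
    ]
    for p in probes:
        verdict, trail = walk(CHAINS, "FORWARD", p)
        print(f"{p.state:<11} mark={p.mark:#x} dport={p.dport} -> {verdict}  via {' > '.join(trail)}")
```

Two things the walk makes visible. The first packet of a NEW connection to 87.238.232.7:80 does reach QUEUE, so snort_inline sees at least the SYN. The ESTABLISHED packets that follow are only queued if they carry the 0x1000000 mark; with mark 0 they hit the very first rule and are ACCEPTed without ever reaching snort_inline. The filter-table listing shows the mark tests but not where the mark is set, so the next things to look at on the real box are `iptables -t mangle -L -n -v` for the marking rules and `iptables -L -n -v` for per-rule packet counters, which show whether the QUEUE rules are counting packets for the flow in question.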