Snort mailing list archives
RE: {SPAM} Still Help Needed: i want to make a fire wall
From: Robert Reid <rreid () 1800FLOWERS com>
Date: Wed, 16 Apr 2003 00:51:16 -0400

"Most Unix operating systems come with a packet filtering firewall package of some sort (IPTables, IPF, PF, etc) and more recent ones are stateful too. Windows does NOT come with any such tool. Yes, it has a trivial "internet security" filter, but it's strictly port based and is not particularly flexible."

Actually, that's not entirely true. IPSEC policies can be used to do some really fancy per-interface packet filtering on 2000, XP, and .NET platforms. TCP/IP Filtering on the NIC is, as you stated, very inflexible, and applies to all interfaces.

Junaid, if I understand your question correctly, what you are trying to do could probably be accomplished by using IPSEC filters. Be warned, there is a learning curve and they can be confusing at times, to say the least. But they are definitely worth the time to learn. I think labmice.net has a decent section on the basics to get you started. Good luck.

-----Original Message-----
From: Matt Kettler [mailto:mkettler () evi-inc com]
Sent: Tuesday, April 15, 2003 3:10 PM
To: Junaid; snort-users () lists sourceforge net
Subject: Re: {SPAM} [Snort-users] Still Help Needed: i want to make a firewall

First perhaps you'd get more answers by not flooding the list with duplicate posts. (5 more-or-less identical posts in 5 hours is *really* rude, to the point that if you keep it up you'll likely find your mail filtered to my trash can automatically)

First, it sounds like what you really want is a firewall... if your rules are simple, get a firewall software... snort is not a firewall, although tools like hogwash can be used to re-configure your firewall based on more complex snort rules. Even if you want to use snort as part of your network protection, you need a firewall for it to talk to first.

Most Unix operating systems come with a packet filtering firewall package of some sort (IPTables, IPF, PF, etc) and more recent ones are stateful too. Windows does NOT come with any such tool. Yes, it has a trivial "internet security" filter, but it's strictly port based and is not particularly flexible. There are third-party packages for windows, most notably checkpoint's Firewall1, but they cost money.

As for hogwash, as far as I know hogwash is a very unix-oriented tool. I'm fairly sure it relies on the built-in packet filtering services that the OS provides. Since windows has no such built-in feature, hogwash can't be made to support it.

Even though hogwash is unix specific, snortsam is not, and it does have the ability to work with checkpoint's firewall1.

http://www.snortsam.net

If you really want the source for hogwash, it's available here:

http://hogwash.sourceforge.net/download.html

At 10:46 AM 4/15/2003 -0700, you wrote:
I HAVE to work in windows platform, preferably win2k, and ... I want to make a firewall for a network. Say I have two interfaces (NICs) on a PC, one connected to my private network and the other to the internet. Can I use libpcap/wpcap to capture all the packets and then filter all the packets according to some user-defined rules and then drop the packets violating any rule while letting others go?

Currently I know that libpcap/wpcap can only be used to sniff packets but cannot block packets going into the IP stack of an OS. I want to be able to block all the packets and let go (into the protocol stack) only the packets which do not violate any rules, hence making a packet filtering firewall.

Can anyone tell me how to achieve this with pcap or with anything else? Can I get the source code for hogwash for windows...? Need an urgent reply please.

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: {SPAM} Still Help Needed: i want to make a fire wall Robert Reid (Apr 15)