Re: some /etc/sysconfig/iptables example

[william metcalf <william.metcalf () gmail com>]

hmmmm

What about the output of iptables -L -v -n

Regards,

Will
On Mon, 2009-01-19 at 18:39 +0100, carlopmart wrote:
> william metcalf wrote:
> > let's see what you've got.... remember the traffic going across the
> > bridge is filtered by the FORWARD chain. Only traffic destined for the
> > ip stack on the box, goes to INPUT/OUTPUT.
> >
> > Regards,
> >
> > Will
> > On Mon, 2009-01-19 at 18:15 +0100, carlopmart wrote:
> > > Hi all,
> > >
> > >   I am trying to setup /etc/sysconfig/iptables file to use snort with inline 
> > > mode on a bridge under rhel5.2 without luck.
> > >
> > >   Somebody can gives me an example??
> > >
> > >   Many thanks.
> Thanks william, I know that i can only use FORWARD chain, but it doesn't works 
> .... My /etc/sysconfig/iptables is:
>
> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :IPS-Firewall-INPUT - [0:0]
> :IPS-Firewall-FORWARD - [0:0]
> :IPS-Firewall-OUTPUT - [0:0]
> -A INPUT -j IPS-Firewall-INPUT
> -A FORWARD -j IPS-Firewall-FORWARD
> -A OUTPUT -j IPS-Firewall-OUTPUT
> -A IPS-Firewall-INPUT -i lo -j ACCEPT
> -A IPS-Firewall-INPUT -i eth0 -j ACCEPT
> -A IPS-Firewall-FORWARD -i br0 -p all -j QUEUE
> COMMIT

Attachment: signature.asc
Description: This is a digitally signed message part

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users