Snort mailing list archives

Re: some /etc/sysconfig/iptables example


From: carlopmart <carlopmart () gmail com>
Date: Mon, 19 Jan 2009 18:53:31 +0100

Here it is:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target               prot opt in   out  source     destination
      58  4024 IPS-Firewall-INPUT   all  --  *    *    0.0.0.0/0  0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target               prot opt in   out  source     destination
       3   164 IPS-Firewall-FORWARD all  --  *    *    0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy ACCEPT 37 packets, 4228 bytes)
    pkts bytes target               prot opt in   out  source     destination
      37  4228 IPS-Firewall-OUTPUT  all  --  *    *    0.0.0.0/0  0.0.0.0/0

Chain IPS-Firewall-FORWARD (1 references)
    pkts bytes target               prot opt in   out  source     destination
       3   164 QUEUE                all  --  br0  *    0.0.0.0/0  0.0.0.0/0

Chain IPS-Firewall-INPUT (1 references)
    pkts bytes target               prot opt in   out  source     destination
       0     0 ACCEPT               all  --  lo   *    0.0.0.0/0  0.0.0.0/0
      58  4024 ACCEPT               all  --  eth0 *    0.0.0.0/0  0.0.0.0/0

Chain IPS-Firewall-OUTPUT (1 references)
    pkts bytes target               prot opt in   out  source     destination




william metcalf wrote:
hmmmm

What about the output of iptables -L -v -n?

Regards,

Will
On Mon, 2009-01-19 at 18:39 +0100, carlopmart wrote:
william metcalf wrote:
Let's see what you've got. Remember, the traffic going across the
bridge is filtered by the FORWARD chain. Only traffic destined for the
IP stack on the box goes to INPUT/OUTPUT.

Regards,

Will
On Mon, 2009-01-19 at 18:15 +0100, carlopmart wrote:
Hi all,

  I am trying to set up the /etc/sysconfig/iptables file to use Snort in inline
mode on a bridge under RHEL 5.2, without luck.

  Can somebody give me an example?

  Many thanks.

Thanks William, I know that I can only use the FORWARD chain, but it doesn't
work. My /etc/sysconfig/iptables is:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:IPS-Firewall-INPUT - [0:0]
:IPS-Firewall-FORWARD - [0:0]
:IPS-Firewall-OUTPUT - [0:0]
-A INPUT -j IPS-Firewall-INPUT
-A FORWARD -j IPS-Firewall-FORWARD
-A OUTPUT -j IPS-Firewall-OUTPUT
-A IPS-Firewall-INPUT -i lo -j ACCEPT
-A IPS-Firewall-INPUT -i eth0 -j ACCEPT
-A IPS-Firewall-FORWARD -i br0 -p all -j QUEUE
COMMIT



-- 
CL Martinez
carlopmart {at} gmail {d0t} com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

