Snort mailing list archives
Re: some /etc/sysconfig/iptables example
From: carlopmart <carlopmart () gmail com>
Date: Mon, 19 Jan 2009 18:53:31 +0100
Here it is:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   58  4024 IPS-Firewall-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   164 IPS-Firewall-FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 37 packets, 4228 bytes)
 pkts bytes target     prot opt in     out     source               destination
   37  4228 IPS-Firewall-OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain IPS-Firewall-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   164 QUEUE      all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain IPS-Firewall-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   58  4024 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain IPS-Firewall-OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination

william metcalf wrote:
> hmmmm What about the output of iptables -L -v -n
>
> Regards,
> Will
>
> On Mon, 2009-01-19 at 18:39 +0100, carlopmart wrote:
>> william metcalf wrote:
>>> let's see what you've got.... remember the traffic going across the bridge is filtered by the FORWARD chain. Only traffic destined for the ip stack on the box goes to INPUT/OUTPUT.
>>>
>>> Regards,
>>> Will
>>>
>>> On Mon, 2009-01-19 at 18:15 +0100, carlopmart wrote:
>>>> Hi all, I am trying to set up the /etc/sysconfig/iptables file to use snort in inline mode on a bridge under rhel5.2, without luck. Can somebody give me an example? Many thanks.
>>
>> Thanks william, I know that I can only use the FORWARD chain, but it doesn't work .... My /etc/sysconfig/iptables is:
>>
>> # Firewall configuration written by system-config-securitylevel
>> # Manual customization of this file is not recommended.
>> *filter
>> :INPUT ACCEPT [0:0]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [0:0]
>> :IPS-Firewall-INPUT - [0:0]
>> :IPS-Firewall-FORWARD - [0:0]
>> :IPS-Firewall-OUTPUT - [0:0]
>> -A INPUT -j IPS-Firewall-INPUT
>> -A FORWARD -j IPS-Firewall-FORWARD
>> -A OUTPUT -j IPS-Firewall-OUTPUT
>> -A IPS-Firewall-INPUT -i lo -j ACCEPT
>> -A IPS-Firewall-INPUT -i eth0 -j ACCEPT
>> -A IPS-Firewall-FORWARD -i br0 -p all -j QUEUE
>> COMMIT
--
CL Martinez
carlopmart {at} gmail {d0t} com
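A quick way to read counters like the ones posted in this thread, added here as an example and not part of the original exchange: a small shell helper that parses `iptables -L -v -n` output and reports how many packets each QUEUE rule has handed off to snort inline. The function names are my own, and the sample input is the output above re-wrapped one rule per line.

```shell
# Added helper, not from the thread: parse `iptables -L -v -n` output and report
# the packet counters of every QUEUE rule, so you can see whether bridged traffic
# is actually reaching the rule that hands packets to snort inline.

# Constructed sample input: the counters posted above, one rule per line.
sample_iptables_output() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   58  4024 IPS-Firewall-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   164 IPS-Firewall-FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 37 packets, 4228 bytes)
 pkts bytes target     prot opt in     out     source               destination
   37  4228 IPS-Firewall-OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain IPS-Firewall-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   164 QUEUE      all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain IPS-Firewall-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   58  4024 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain IPS-Firewall-OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

# Columns of `iptables -L -v -n` are: pkts bytes target prot opt in out source destination.
# queue_counters: for each QUEUE rule on stdin print "<chain> <in-iface> <pkts> <bytes>".
queue_counters() {
    awk '/^Chain / { chain = $2; next }
         $3 == "QUEUE" { print chain, $6, $1, $2 }'
}

# queue_pkts_on IFACE: total packets queued by QUEUE rules whose in-interface is IFACE.
# A total of 0 on the bridge interface means snort inline is never handed any traffic.
queue_pkts_on() {
    awk -v iface="$1" '$3 == "QUEUE" && $6 == iface { total += $1 }
                       END { print total + 0 }'
}

sample_iptables_output | queue_counters      # IPS-Firewall-FORWARD br0 3 164
sample_iptables_output | queue_pkts_on br0   # 3
```

Against a live box run `iptables -L -v -n -x | queue_pkts_on br0`; `-x` keeps large counters exact instead of abbreviated with K/M suffixes, which the awk arithmetic would otherwise misread.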