Re: using Snort to audit the firewall

[Luis Daniel Lucio Quiroz <luis.daniel.lucio () gmail com>]

I guess you may do something like this

-A FORWARD... rules -j DROP
-A FORWARD... rules -j QUEUE


your snort shouldnt get any drop rules, 

Le lundi 14 juin 2010 16:36:43, Cristian Grigoriu a écrit :
> Hi guys,
>
> I have deployed a firewall using iptables. I would like to employ Snort
> to audit the firewall by logging any packet which was not suppossed to
> get through firewall but somehow has escaped.
>
> 4 days ago I have posted this question to Snort Newbie forum:
>
> https://forums.snort.org/forums/snort-newbies/topics/using-snort-to-audit-m
> y-own-firewalls
>
> How can I achieve this? Is this even possible?
>
> Thank you,
>
> Cristian Grigoriu
>
> ---------------------------------------------------------------------------
> --- ThinkGeek and WIRED's GeekDad team up for the Ultimate
> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
> lucky parental unit.  See the prize list and enter to win:
> http://p.sf.net/sfu/thinkgeek-promo
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users