On Fri, May 25, 2018 at 7:01 PM, Lee Brown <l...@ratnaling.org> wrote:
> On Fri, May 25, 2018 at 4:36 PM, Tom Eastep <teas...@shorewall.net> wrote:
>
>> On 05/25/2018 02:55 AM, Toussaint OTTAVI wrote:
>> > Hi all,
>> >
>> > Is there any recent howto about installing Snort with Shorewall in IPS
>> > mode (i.e., drop attacks, not just report them)?
>> >
>>
>> Unfortunately there is no such howto.
>>
>> 1. Build snort with NFQ DAQ support
> 2. Add a single line to the actions file:
> Snort
> 3. Create a new file action.Snort, containing a single line,
>
NFQUEUE
4. Use the new Snort action in your rules file like:
Snort User Internet
All traffic from the User zone to the Internet zone passes through Snort.
If it doesn't drop the packet, then it is implicitly ACCEPTed.
Typically you want to place 2 rules in the ALL section to pass all packets
through Snort that you care about. ACCEPT all packets you don't want going
through snort.
Don't forget to run snort or packets are dropped silently.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
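
The message above warns that packets sent to NFQUEUE are dropped silently when Snort is not running. The following check is an added example, not part of the original thread: it reads the kernel's nfnetlink_queue status file to confirm that a userspace listener is bound to the queue. It assumes queue number 0 (pass another number if your NFQUEUE rule uses one); `nfq_status` and `nfq_sample` are hypothetical helper names, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: verify that a userspace program (e.g. Snort with the NFQ DAQ)
# is bound to the netfilter queue that the NFQUEUE action feeds.
# Assumption: queue 0 unless another queue number is passed.
# The kernel lists one line per bound queue:
#   queue_number peer_portid queue_total copy_mode copy_range
#   queue_dropped user_dropped id_sequence ...
NFQ_PROC=/proc/net/netfilter/nfnetlink_queue

# nfq_status QUEUE [FILE]
# Prints one status line. Return codes: 0 = listener bound, no drops;
# 1 = no listener bound; 2 = bound but drop counters non-zero;
# 3 = status file unreadable.
nfq_status() {
    queue=${1:-0}
    file=${2:-$NFQ_PROC}
    [ -r "$file" ] || { echo "cannot read $file (is nfnetlink_queue loaded?)"; return 3; }
    awk -v q="$queue" '
        BEGIN { rc = 0; found = 0 }
        $1 == q {
            found = 1
            printf "queue %s: portid=%s backlog=%s queue_dropped=%s user_dropped=%s\n", $1, $2, $3, $6, $7
            if ($6 + $7 > 0) rc = 2
        }
        END {
            if (!found) { printf "queue %s: no listener bound\n", q; exit 1 }
            exit rc
        }' "$file"
}

# Constructed sample of the status file: queue 0 is healthy, queue 1 has a
# backlog and has dropped 37 packets because its queue was full.
nfq_sample() {
    printf '%s\n' \
        '    0  2345     0 2 65531     0     0      812  1' \
        '    1  2399    14 2 65531    37     0     4410  1'
}

# Demo on the constructed sample; on a live firewall run: nfq_status 0
tmp=$(mktemp) && nfq_sample > "$tmp" && nfq_status 0 "$tmp"; rm -f "$tmp"
```

A return code of 1 on the firewall means nothing is reading the queue, which is the silent-drop condition; run it from monitoring or after each Snort restart.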