On 05/25/2018 07:07 PM, Lee Brown wrote: > > > On Fri, May 25, 2018 at 7:01 PM, Lee Brown <l...@ratnaling.org > <mailto:l...@ratnaling.org>> wrote: > > On Fri, May 25, 2018 at 4:36 PM, Tom Eastep <teas...@shorewall.net > <mailto:teas...@shorewall.net>> wrote: > > On 05/25/2018 02:55 AM, Toussaint OTTAVI wrote: > > Hi all, > > > Is there any recent howto about installing Snort with > Shorewall in IPS > > mode (ie, drop attacks, not just report them) ? > > > > Unfortunately there is not such a howto. > > 1. Build snort with NFQ DAQ support > 2. Add a single line to the actions file: > Snort > 3. Create a new file action.Snort, containing a single line, > > NFQUEUE > 4. Use the new Snort action in your rules file like: > Snort User Internet > > All traffic from the User zone to the Internet zone passes through > Snort. If it doesn't drop the packet, then it is implicitly ACCEPTed. > > Typically you want to place 2 rules in the ALL section to pass all > packets through Snort that you care about. ACCEPT all packets you don't > want going through snort. > > Don't forget to run snort or packets are dropped silently. >
This can be avoided by using NFQUEUE(bypass), or NFQUEUE(<queue>,bypass). Thanks Lee, -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
