Re: [Snort-users] Network kernels params recommendations for snort_inline with nfqueue



Thanks Will... but I have this rule in my iptables script. My "iptables -vL" output:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target               prot opt in     out     source                    destination
    0     0 DROP                 all  --  any    any     172.17.35.2               anywhere
   15  1437 DROP                 all  --  any    any     silmarillion.hpulabs.org  anywhere
19914   24M IPS-Firewall-INPUT   all  --  any    any     anywhere                  anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target               prot opt in     out     source                    destination
    0     0 DROP                 all  --  any    any     172.17.35.2               anywhere
    0     0 DROP                 all  --  any    any     silmarillion.hpulabs.org  anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target               prot opt in     out     source                    destination
15374 2174K IPS-Firewall-OUTPUT  all  --  any    any     anywhere                  anywhere

Chain IPS-Firewall-INPUT (1 references)
 pkts bytes target               prot opt in     out     source                    destination
  753  902K ACCEPT               all  --  lo     any     anywhere                  anywhere
19034   24M NFQUEUE              all  --  any    any     anywhere                  anywhere     state RELATED,ESTABLISHED NFQUEUE num 0
    0     0 NFQUEUE              tcp  --  any    any     anywhere                  anywhere     state NEW tcp dpt:ssh NFQUEUE num 0
    0     0 NFQUEUE              tcp  --  any    any     anywhere                  anywhere     state NEW tcp dpt:http NFQUEUE num 0
  127  3556 REJECT               all  --  any    any     anywhere                  anywhere     reject-with icmp-host-prohibited

Chain IPS-Firewall-OUTPUT (1 references)
 pkts bytes target               prot opt in     out     source                    destination
15374 2174K NFQUEUE              all  --  any    any     anywhere                  anywhere     NFQUEUE num 0

Will Metcalf wrote:
> Victor's recommendations are fine....
> 
> Add the following to the top of your iptables script, you shouldn't be
> sending loopback traffic to snort_inline
> 
> iptables -A INPUT -i lo -j ACCEPT
> 


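Added example, not code from the post above or from the Snort/snort_inline project: a small Python walker that parses `iptables -vL` output like the dump quoted in the message and reports which target a given packet reaches, following jumps into user-defined chains and falling back to the built-in policy when nothing matches. SAMPLE_DUMP is a constructed copy of the ruleset quoted above (counters and alignment are irrelevant to the parser); the Packet defaults (eth0, TEST-NET-1 addresses) are made up for illustration. Run against this ruleset it shows why the advice about loopback only half applies: a loopback packet is ACCEPTed on the INPUT side by the `-i lo` rule that already sits at the top of IPS-Firewall-INPUT, but on the OUTPUT side it still lands in NFQUEUE, because IPS-Firewall-OUTPUT queues everything and has no `-o lo` exemption. It also shows that nothing traversing FORWARD reaches the queue at all, since that chain has only the two DROP rules and a DROP policy.

```python
"""Walk an `iptables -vL` dump and report where a packet ends up. Added example for
the thread above, not the poster's code; SAMPLE_DUMP is a constructed copy of the ruleset."""
import re
from collections import namedtuple
from dataclasses import dataclass
from typing import Dict, Optional

SAMPLE_DUMP = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     172.17.35.2          anywhere
   15  1437 DROP       all  --  any    any     silmarillion.hpulabs.org  anywhere
19914   24M IPS-Firewall-INPUT  all  --  any    any     anywhere    anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     172.17.35.2          anywhere
    0     0 DROP       all  --  any    any     silmarillion.hpulabs.org  anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
15374 2174K IPS-Firewall-OUTPUT  all  --  any    any     anywhere   anywhere

Chain IPS-Firewall-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  753  902K ACCEPT     all  --  lo     any     anywhere             anywhere
19034   24M NFQUEUE    all  --  any    any     anywhere             anywhere  state RELATED,ESTABLISHED NFQUEUE num 0
    0     0 NFQUEUE    tcp  --  any    any     anywhere             anywhere  state NEW tcp dpt:ssh NFQUEUE num 0
    0     0 NFQUEUE    tcp  --  any    any     anywhere             anywhere  state NEW tcp dpt:http NFQUEUE num 0
  127  3556 REJECT     all  --  any    any     anywhere             anywhere  reject-with icmp-host-prohibited

Chain IPS-Firewall-OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
15374 2174K NFQUEUE    all  --  any    any     anywhere             anywhere  NFQUEUE num 0
"""

# One parsed rule. states is the set from a "state A,B" option and dport the value
# from "dpt:NAME"; None means the rule does not match on that attribute.
Rule = namedtuple("Rule", "target prot in_if out_if src dst states dport")
Chain = namedtuple("Chain", "policy rules")   # policy is None for user-defined chains

@dataclass
class Packet:               # constructed test packet; addresses are from TEST-NET-1
    in_if: str = "eth0"
    out_if: str = "eth0"
    src: str = "192.0.2.10"
    dst: str = "192.0.2.1"
    proto: str = "tcp"
    state: str = "NEW"
    dport: Optional[str] = None

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)")

def parse_dump(text: str) -> Dict[str, Chain]:
    """Turn `iptables -vL` text into {chain name: Chain}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains[m.group(1)] = Chain(m.group(2), [])
            continue
        f = line.split()   # pkts bytes target prot opt in out source destination [opts]
        if current is None or len(f) < 9 or f[0] == "pkts":
            continue       # blank line, column header, or text before the first chain
        opts, states, dport = f[9:], None, None
        for i, tok in enumerate(opts):
            if tok == "state" and i + 1 < len(opts):
                states = set(opts[i + 1].split(","))
            elif tok.startswith("dpt:"):
                dport = tok[4:]
        current.rules.append(Rule(f[2], f[3], f[5], f[6], f[7], f[8], states, dport))
    return chains

def _matches(r: Rule, p: Packet) -> bool:
    return (r.prot in ("all", p.proto) and r.in_if in ("any", p.in_if)
            and r.out_if in ("any", p.out_if) and r.src in ("anywhere", p.src)
            and r.dst in ("anywhere", p.dst)
            and (r.states is None or p.state in r.states)
            and (r.dport is None or r.dport == p.dport))

def verdict(chains: Dict[str, Chain], chain: str, pkt: Packet) -> Optional[str]:
    """Terminating target for pkt entering `chain`, else the policy (None = implicit RETURN)."""
    for r in chains[chain].rules:
        if not _matches(r, pkt):
            continue
        if r.target == "RETURN":
            break
        if r.target in chains:             # jump into a user-defined chain
            v = verdict(chains, r.target, pkt)
            if v is not None:
                return v
            continue                       # sub-chain fell off its end: keep walking here
        return r.target                    # ACCEPT / DROP / REJECT / NFQUEUE ...
    return chains[chain].policy

def loopback_report(chains: Dict[str, Chain]) -> Dict[str, Optional[str]]:
    """Where a loopback packet lands in INPUT and in OUTPUT."""
    lo = Packet(in_if="lo", out_if="lo", src="127.0.0.1", dst="127.0.0.1")
    return {c: verdict(chains, c, lo) for c in ("INPUT", "OUTPUT")}
```

`loopback_report(parse_dump(SAMPLE_DUMP))` returns `{"INPUT": "ACCEPT", "OUTPUT": "NFQUEUE"}`, which is the whole point: if loopback traffic is not meant to reach snort_inline, the OUTPUT side of this script needs the same kind of exemption (an `-o lo -j ACCEPT` ahead of the NFQUEUE rule, my suggestion, not something the thread states). The walker only understands the fixed columns plus the `state` and `dpt:` options, compares addresses and hostnames as literal strings (no CIDR or DNS), and knows nothing about other tables or the `conntrack` match; it is a reading aid for a pasted dump, not a substitute for testing the live ruleset with iptables itself.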
_______________________________________________
Snort-users mailing list
Snort-users@xxxxxxxxxxxxxxxxxxxxx
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users