[Firewall] Snort inline or plugins
chen.hsinan2007 at gmail.com
Wed Mar 10 20:37:52 CET 2010
I like Arno's firewall iptables scripts, and want to integrate snort
inline with it, so it can be enhanced like an IPS.
Does anyone have any idea how to do it, or any how-to guide to
implement plugins with it?
To implement this, it is only required to redirect incoming packets to
"QUEUE", and snort inline will handle it automatically based on snort

    iptables -A INPUT -p tcp --dport 80 -j QUEUE

The above check can be done after it has passed the original iptables
(assuming you are running a web server), and checks whether this
incoming packet is bad or not.