[Firewall] Snort inline or plugins

Hsin-an Chen chen.hsinan2007 at gmail.com
Wed Mar 10 20:37:52 CET 2010


Hi all,

I like Arno's firewall iptables scripts, and want to integrate snort
inline with it, so it can be enhanced like an IPS.
Does anyone have any idea how to do it, or any how-to guide to
implement plugins with it?

To implement this, it is only required to redirect incoming packets to
"QUEUE", and snort inline will handle it automatically based on snort
rules:

iptables -A INPUT -p tcp --dport 80 -j QUEUE

The above check can be done after it has passed the original iptables
(assuming you are running a web server), and checks whether this
incoming packet is bad or not.

Thanks,

Hsinan
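
Added example, not part of the original message and not code from Arno's firewall or Snort: a script that prints the iptables commands for the QUEUE rule above and makes the behaviour explicit when nothing is reading the queue (packets sent to QUEUE with no userspace program bound are dropped). The chain name IPS_HTTP, the process name snort_inline and the open/closed switch are assumptions.

```shell
#!/bin/sh
# Emit iptables commands that hand port-80 traffic to QUEUE only while
# an inline IPS is consuming the queue. Commands are printed, not applied.
# Assumptions (not from the original post): chain name, process name,
# and the open/closed policy switch.

IPS_CHAIN="IPS_HTTP"        # hypothetical chain name
IPS_PROC="snort_inline"     # assumed process name of the inline IPS

# Return 0 if a process with the assumed name is running.
ips_running() {
    pgrep -x "$IPS_PROC" >/dev/null 2>&1
}

# gen_rules <up|down> <open|closed>
#   up          IPS is running: packets go to QUEUE
#   down open   IPS is not running: pass traffic uninspected
#   down closed IPS is not running: drop traffic explicitly
gen_rules() {
    state="$1"; on_down="$2"
    case "$state:$on_down" in
        up:open|up:closed) target="QUEUE" ;;
        down:open)         target="ACCEPT" ;;
        down:closed)       target="DROP" ;;
        *) echo "usage: gen_rules up|down open|closed" >&2; return 2 ;;
    esac
    echo "iptables -N $IPS_CHAIN"
    echo "iptables -A $IPS_CHAIN -j $target"
    # Appended to INPUT: a packet only reaches this jump if no earlier
    # rule has already accepted or dropped it.
    echo "iptables -A INPUT -p tcp --dport 80 -j $IPS_CHAIN"
}

main() {
    if ips_running; then state=up; else state=down; fi
    gen_rules "$state" "${1:-closed}"
}

main "$@"
```

Review the printed commands before running them as root; rerun the script whenever the IPS process is started or stopped so the chain matches its state.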

