r1 - 09 Mar 2007 - 14:34:49 - MattJonkman

SnortSam Iptables

The Iptables plugin works on any Linux box with iptables installed.

The default configuration is for a Linux iptables firewall with a default DROP rule and two interfaces:

eth0 = internal net

eth1 = external net

You can also change the target Ethernet interface by putting the correct ethX name in the snortsam.conf file.

The standard block command is:

iptables -I FORWARD -i eth1 -s {ip_addr_to_be_blocked} -j REJECT

The standard unblock command is:

iptables -D FORWARD -i eth1 -s {ip_addr_to_be_unblocked} -j REJECT

To enable Iptables support, add a line like the following to snortsam.conf:

iptables eth1 log

You can also define your own iptables block/unblock commands by editing the module ssp_iptables.c (PAY ATTENTION TO THE CORRECT IPTABLES SYNTAX!!!) and then recompiling it.

Fabrizio Tivano fabrizio@sad.it

-- MattJonkman - 09 Mar 2007
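
One way to build the block and unblock commands shown above with input checks before they reach a shell. This is an added example, not code from ssp_iptables.c or the SnortSam project; the function name build_iptables_cmd and the sample address are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from ssp_iptables.c): writes the page's block
 * (block != 0) or unblock command into out. Returns 0 on success, -1 if
 * the interface name or address is rejected or out is too small. */
int build_iptables_cmd(char *out, size_t outlen, int block,
                       const char *iface, const char *ip)
{
    struct in_addr addr;
    char canon[INET_ADDRSTRLEN];
    size_t i, n = strlen(iface);
    int written;

    /* Linux interface names are at most 15 chars; this sketch allows only
     * letters and digits so nothing but a name reaches the command. */
    if (n == 0 || n > 15)
        return -1;
    for (i = 0; i < n; i++)
        if (!isalnum((unsigned char)iface[i]))
            return -1;

    /* Accept strict dotted-quad IPv4 only, then print it back from the
     * parsed binary form so the text in the rule is canonical. */
    if (inet_pton(AF_INET, ip, &addr) != 1)
        return -1;
    if (inet_ntop(AF_INET, &addr, canon, sizeof(canon)) == NULL)
        return -1;

    /* -I inserts at the top of FORWARD; -D deletes one rule with the same
     * specification, so both commands must be built identically. */
    written = snprintf(out, outlen, "iptables -%c FORWARD -i %s -s %s -j REJECT",
                       block ? 'I' : 'D', iface, canon);
    return (written < 0 || (size_t)written >= outlen) ? -1 : 0;
}

int main(void)
{
    char cmd[128];
    /* 192.0.2.10 is a constructed sample address (documentation range). */
    if (build_iptables_cmd(cmd, sizeof(cmd), 1, "eth1", "192.0.2.10") == 0)
        puts(cmd);
    if (build_iptables_cmd(cmd, sizeof(cmd), 0, "eth1", "192.0.2.10") == 0)
        puts(cmd);
    return 0;
}
```

Because -D removes only one matching rule, an address blocked twice needs two unblock commands to clear it.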
