[tech] Snort Testing
Matt Johnston
matt at ucc.asn.au
Tue Feb 21 20:53:52 WST 2012
On Wed, Feb 15, 2012 at 12:23:24AM +0800, Daniel Axtens wrote:
> I have enabled snort on a much wider range of IP addresses - colo boxes, vms and clubroom machines.
>
> Let me know if this breaks anything.

Snort stopped running for some reason this arvo, so anything
matched by the NFQUEUE iptables rule is being dropped.

$IPTABLES -A FROMOUTSIDE -m iprange --dst-range 130.95.13.66-130.95.13.119 ! -s 130.95.3.81 -j NFQUEUE
$IPTABLES -A FROMOUTSIDE -m iprange --src-range 130.95.13.66-130.95.13.119 -j NFQUEUE

I've deleted those two rules for the time being, they're
still in ucc-fw.

Matt
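
The failure described in the message above, as an added example that is not part of the original post or of ucc-fw: a check for whether any process is bound to the NFQUEUE queue, plus the same two rules in a fail-open form using the NFQUEUE target's `--queue-bypass` option. Assumptions: queue 0 (the default when a rule gives no `--queue-num`), an iptables and kernel that support `--queue-bypass`, hypothetical function names, and a constructed sample queue table.

```shell
#!/bin/sh
# Added example; function names and the sample table are constructed.
IPTABLES=${IPTABLES:-iptables}
PROC_QUEUE=/proc/net/netfilter/nfnetlink_queue

# queue_bound QUEUE [FILE]: exit 0 if a userspace process is bound to QUEUE.
# Each line of the table is one bound queue: column 1 is the queue number,
# column 2 the netlink port id of the listener. An unbound queue has no line.
queue_bound() {
    awk -v q="$1" '$1 == q && $2 > 0 { found = 1 } END { exit !found }' \
        "${2:-$PROC_QUEUE}" 2>/dev/null
}

# nfqueue_rules MODE: print the two rules from the message.
#   strict : as posted; packets are dropped while nothing is bound
#   bypass : adds --queue-bypass, so packets pass uninspected instead
nfqueue_rules() {
    opts=""
    if [ "$1" = bypass ]; then opts=" --queue-bypass"; fi
    echo "$IPTABLES -A FROMOUTSIDE -m iprange --dst-range 130.95.13.66-130.95.13.119 ! -s 130.95.3.81 -j NFQUEUE$opts"
    echo "$IPTABLES -A FROMOUTSIDE -m iprange --src-range 130.95.13.66-130.95.13.119 -j NFQUEUE$opts"
}

# check_queue QUEUE [FILE]: one-line status suitable for a cron or monitoring hook.
check_queue() {
    if queue_bound "$1" "$2"; then
        echo "queue $1: listener bound"
    else
        echo "queue $1: NO listener; strict NFQUEUE rules are dropping traffic"
    fi
}

# Constructed sample of the queue table: only queue 0 has a listener.
sample=$(mktemp)
printf '%5u %6u %5u %1u %5u %5u %5u %8u %2d\n' 0 2345 0 2 65535 0 0 12 1 > "$sample"
check_queue 0 "$sample"
check_queue 1 "$sample"
nfqueue_rules bypass
rm -f "$sample"
```

With `--queue-bypass` the firewall fails open, so a stopped snort means traffic passes without inspection; the listener check is what turns that into an alert rather than a silent gap.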