[tech] Snort Testing
Daniel Axtens
danielax at gmail.com
Tue Feb 21 21:53:44 WST 2012
Ah, I broke it to switch to postgres, but I naively thought that if NFQUEUE failed the packets would continue merrily onwards to their destination.
Thanks for fixing that.
Apologies to all.
-- d
On 21/02/2012, at 8:53 PM, Matt Johnston wrote:
> On Wed, Feb 15, 2012 at 12:23:24AM +0800, Daniel Axtens wrote:
>> I have enabled snort on a much wider range of IP addresses - colo boxes, vms and clubroom machines.
>>
>> Let me know if this breaks anything.
>
> Snort stopped running for some reason this arvo, so anything
> matched by the NFQUEUE iptables rule is being dropped.
>
> $IPTABLES -A FROMOUTSIDE -m iprange --dst-range 130.95.13.66-130.95.13.119 ! -s 130.95.3.81 -j NFQUEUE
> $IPTABLES -A FROMOUTSIDE -m iprange --src-range 130.95.13.66-130.95.13.119 -j NFQUEUE
>
> I've deleted those two rules for the time being; they're
> still in ucc-fw.
>
> Matt
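A hardened form of the two rules quoted above, as an added shell example that is not from the original thread: it appends `--queue-bypass` so that if snort stops, the kernel accepts matched packets instead of dropping them, and it reads /proc/net/netfilter/nfnetlink_queue to tell whether anything is actually bound to the queue. It assumes iptables 1.4.11 or newer and queue number 0 (the default the original rules use by omitting `--queue-num`); the sample proc lines are constructed.

```sh
#!/bin/sh
# Added example, not part of the original thread. Hardened form of the two
# NFQUEUE rules plus a check on the queue state. Assumes iptables >= 1.4.11
# (for --queue-bypass) and the default queue number 0, which is what the
# original rules (no --queue-num) use.

IPTABLES=${IPTABLES:-iptables}
QUEUE_NUM=${QUEUE_NUM:-0}

# Emit the rules with --queue-bypass: if no userspace program (snort) is bound
# to the queue, the rule then behaves like ACCEPT instead of dropping packets.
nfqueue_rules() {
    printf '%s\n' \
        "$IPTABLES -A FROMOUTSIDE -m iprange --dst-range 130.95.13.66-130.95.13.119 ! -s 130.95.3.81 -j NFQUEUE --queue-num $QUEUE_NUM --queue-bypass" \
        "$IPTABLES -A FROMOUTSIDE -m iprange --src-range 130.95.13.66-130.95.13.119 -j NFQUEUE --queue-num $QUEUE_NUM --queue-bypass"
}

# Read /proc/net/netfilter/nfnetlink_queue on stdin; succeed only if a queue
# instance for $QUEUE_NUM exists, i.e. some process is currently bound to it.
# Columns: queue_num peer_portid queue_total copy_mode copy_range
#          queue_dropped user_dropped id_sequence 1
queue_has_listener() {
    awk -v q="$QUEUE_NUM" '$1 == q { ok = 1 } END { exit !ok }'
}

# Same input; print the kernel's queue_dropped counter for $QUEUE_NUM
# (packets dropped because the queue was full), or 0 if the queue is absent.
queue_dropped_count() {
    awk -v q="$QUEUE_NUM" '$1 == q { print $6; seen = 1 } END { if (!seen) print 0 }'
}

# Constructed sample lines in the proc file's format (not captured from a real host).
SAMPLE_BOUND="    0   4242     3 2 65531     7     0      120  1"
SAMPLE_OTHER="    1   4243     0 2 65531     0     0       10  1"

# Stand-alone use: report the live queue state when run on the firewall itself.
if [ -r /proc/net/netfilter/nfnetlink_queue ]; then
    if queue_has_listener < /proc/net/netfilter/nfnetlink_queue; then
        echo "queue $QUEUE_NUM bound; queue_dropped=$(queue_dropped_count < /proc/net/netfilter/nfnetlink_queue)"
    else
        echo "WARNING: nothing bound to NFQUEUE $QUEUE_NUM; without --queue-bypass matched packets are dropped" >&2
    fi
fi
```

Pairing the bypass flag with a periodic run of the listener check gives early warning that snort has died rather than discovering it from dropped traffic.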