Re: Package Inspection
- From: Mike Klinke <lsomike futzin com>
- To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
- Subject: Re: Package Inspection
- Date: Mon, 24 Jan 2005 16:23:26 -0600
On Monday 24 January 2005 11:28, Roland Kaeser wrote:
> Hi all
>
> I need a package inspection tool for a very large firewall
> project. The ipt_string functionality no longer exists in
> the iptables implementation of the kernel 2.6 so I need another
> tool which drops all packages or communication parts which
> contain dangerous contents.
I've not played with it but perhaps snort with its "inline" mode
will help here.
From the docs ...
==============
Snort-Inline takes packets from iptables instead of libpcap. It
then uses new rule types to help iptables make pass or drop
decisions based on snort rules.
....
NEW RULE TYPES AND WHAT THEY DO:
drop - The drop rule type will tell iptables to drop the packet and
log it via usual snort means.
reject - The reject rule type will tell iptables to drop the packet,
log it via usual snort means, and send a TCP reset if the protocol
is TCP or an icmp port unreachable if the protocol is UDP.
sdrop - The sdrop rule type will tell iptables to drop the packet.
Nothing is logged.
===================
Regards, Mike Klinke
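
An added example, not part of the original message or of the Snort documentation quoted in it: a rules fragment showing the three rule types doing the payload matching that ipt_string used to do. The network range, ports, SIDs and content strings are constructed placeholders, and the iptables QUEUE setup in the comments is an assumed way of handing packets to Snort-Inline.

```snort
# Constructed example: addresses, ports, SIDs and content strings are placeholders.
#
# Assumed firewall setup so that forwarded packets reach Snort-Inline
# (QUEUE is the iptables target that passes packets to userspace):
#   modprobe ip_queue
#   iptables -A FORWARD -j QUEUE

var HOME_NET 192.0.2.0/24
var EXTERNAL_NET !$HOME_NET

# drop: iptables drops the packet and Snort logs it as usual.
drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LOCAL blocked string in HTTP traffic"; content:"EXAMPLE-BLOCKED-STRING"; nocase; sid:1000001; rev:1;)

# reject on TCP: packet dropped and logged, and a TCP reset is sent.
reject tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"LOCAL blocked string in SMTP traffic"; content:"EXAMPLE-BLOCKED-STRING"; nocase; sid:1000002; rev:1;)

# reject on UDP: packet dropped and logged, and an ICMP port unreachable is sent.
reject udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"LOCAL blocked string in DNS traffic"; content:"example-blocked-label"; nocase; sid:1000003; rev:1;)

# sdrop: packet dropped silently, nothing is logged.
# Keep this for noise you have already characterised; it leaves no audit trail.
sdrop tcp $EXTERNAL_NET any -> $HOME_NET 8080 (content:"EXAMPLE-NOISY-STRING"; sid:1000004; rev:1;)
```

Packets sent to the QUEUE target are dropped when no userspace program is reading the queue, so the firewall stops forwarding if Snort-Inline is not running.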