
Re: Package Inspection



On Monday 24 January 2005 11:28, Roland Kaeser wrote:
> Hi all
>
 
> I need a package inspection tool for a very large firewall
> project. The ipt_string functionality no longer exists in
> the iptables implementation of the kernel 2.6, so I need another
> tool which drops all packages or communication parts which
> contain dangerous contents.
 

I've not played with it but perhaps snort with its "inline" mode 
will help here.

From the docs ...

==============
Snort-Inline takes packets from iptables instead of libpcap.  It 
then uses new rule types to help iptables make pass or drop 
decisions based on snort rules.  
 
....

NEW RULE TYPES AND WHAT THEY DO:

drop - The drop rule type will tell iptables to drop the packet and 
log it via usual snort means.

reject - The reject rule type will tell iptables to drop the packet, 
log it via usual snort means, and send a TCP reset if the protocol 
is TCP or an icmp port unreachable if the protocol is UDP.

sdrop - The sdrop rule type will tell iptables to drop the packet.  
Nothing is logged.
===================


Regards, Mike Klinke
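
The three rule types quoted from the docs above, written out as a small local rules file. This is an added example, not part of the original message or the Snort documentation. The content strings, ports, messages and sid values are constructed placeholders, and it assumes iptables is handing forwarded packets to Snort-Inline through the QUEUE target.

```snort
# Constructed local rules; the content strings are placeholders, not real signatures.
# Assumption: forwarded packets reach Snort-Inline via the iptables QUEUE target,
# for example:  iptables -A FORWARD -j QUEUE

# drop: iptables drops the packet and Snort logs it through its usual output.
drop tcp any any -> any 80 (msg:"LOCAL placeholder string in web traffic"; content:"EXAMPLE-BLOCKED-STRING"; nocase; sid:1000001; rev:1;)

# reject on TCP: packet is dropped and logged, and a TCP reset is sent.
reject tcp any any -> any 25 (msg:"LOCAL placeholder string in mail traffic"; content:"EXAMPLE-BLOCKED-STRING"; nocase; sid:1000002; rev:1;)

# reject on UDP: packet is dropped and logged, and an ICMP port unreachable is sent.
reject udp any any -> any 53 (msg:"LOCAL placeholder string in UDP traffic"; content:"EXAMPLE-BLOCKED-STRING"; sid:1000003; rev:1;)

# sdrop: packet is dropped silently; nothing is logged, so no alert record
# exists for later review. Use only where the logging volume is the problem.
sdrop tcp any any -> any 80 (msg:"LOCAL silent drop of placeholder string"; content:"EXAMPLE-NOISY-STRING"; sid:1000004; rev:1;)
```

A content match is evaluated per packet, so a string split across two TCP segments is not seen by these rules as written.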


