Package Inspection

Mike Klinke lsomike at futzin.com
Mon Jan 24 22:23:26 UTC 2005


On Monday 24 January 2005 11:28, Roland Kaeser wrote:
> Hi all
>
> I need a package inspection tool for a very large firewall
> project. The ipt_string functionality no longer exists in
> the iptables implementation of the kernel 2.6, so I need another
> tool which drops all packages or communication parts which
> contain dangerous contents.

I've not played with it but perhaps snort with its "inline" mode 
will help here.

From the docs ...

==============
Snort-Inline takes packets from iptables instead of libpcap.  It 
then uses new rule types to help iptables make pass or drop 
decisions based on snort rules.  
 
....

NEW RULE TYPES AND WHAT THEY DO:

drop - The drop rule type will tell iptables to drop the packet and 
log it via usual snort means.

reject - The reject rule type will tell iptables to drop the packet, 
log it via usual snort means, and send a TCP reset if the protocol 
is TCP or an icmp port unreachable if the protocol is UDP.

sdrop - The sdrop rule type will tell iptables to drop the packet.  
Nothing is logged.
===================


Regards, Mike Klinke
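To make the rule types above concrete, here is a small snort_inline rule set as an added example; it is not part of the original post or of the Snort documentation quoted in it. It assumes the firewall hands forwarded packets to snort_inline with an iptables QUEUE target and that snort_inline runs in inline mode (-Q); $HOME_NET and $EXTERNAL_NET are the usual snort.conf variables, and the content strings and sids are constructed placeholders. The content match plays the role that ipt_string used to: a packet whose payload carries the pattern is dropped, with or without logging depending on the rule type.

```snort
# Added example (not from the original post or the Snort docs): a small
# snort_inline rule set showing the three inline rule types.
# Assumptions: packets reach snort_inline because the firewall has
#   iptables -A FORWARD -j QUEUE
# and snort_inline is started with -Q. $HOME_NET and $EXTERNAL_NET come
# from snort.conf; content strings and sids are constructed placeholders.

# drop: discard the packet and log it as a normal alert.
drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"INLINE drop - constructed HTTP example"; flow:to_server,established; content:"EXAMPLE-BAD-PATTERN"; nocase; classtype:attempted-user; sid:1000001; rev:1;)

# reject: discard, log, and tear the session down for the sender
# (TCP reset here; a UDP rule would send an ICMP port unreachable).
reject tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"INLINE reject - constructed SMTP example"; flow:to_server,established; content:"EXAMPLE-BAD-PATTERN"; nocase; classtype:attempted-user; sid:1000002; rev:1;)

# sdrop: silent drop, nothing is logged. A silently dropped packet
# leaves no alert to troubleshoot from, so keep these rules few.
sdrop udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"INLINE sdrop - constructed DNS example"; content:"EXAMPLE-BAD-PATTERN"; sid:1000003; rev:1;)
```

When testing such rules, start with drop rather than sdrop so that the usual Snort alert log shows which rule matched; switching a rule to sdrop only once its matching is trusted avoids silently discarding legitimate traffic with no record of it.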
