Snort mailing list archives

Re: Handling firewall rejected packets in SNort IPS
From: waldo kitty <wkitty42 () windstream net>
Date: Sun, 19 May 2013 13:09:25 -0400

On 5/19/2013 10:19, James Lay wrote:

On May 19, 2013, at 6:32 AM, VES Education <veseducation () yahoo com> wrote:

iptables -A Input jmptosnort
iptables -A Input jmptogood


iptables -I Input jmptosnort
iptables -I Input jmptogood

in both cases, the actual ordering is not going to be what you expect it to
be... jmptosnort will be last in line and everything else will be acted on

-A will append... so the order you see in your script is the order you'll get in
the table. -I will insert... each -I goes at the top of the table, effectively
reversing the order in your script. Just thought I'd toss that out there.

:oops: thanks, james... i can't believe i let that go out bassackwards like 
that... i meant to flip the -A examples :( :oops:

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
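
The -A / -I ordering discussed in this thread, as an added example that is not part of the original messages: a small Python model that replays `iptables -A` and `iptables -I` commands (including the optional rule number for `-I`) and returns the resulting rule order per chain, without touching a real firewall. The rule names `jmptosnort` and `jmptogood` are the thread's placeholders; `final_order` and the sample scripts are constructed for illustration.

```python
import shlex

def final_order(script):
    """Return {chain: [rule-spec, ...]} after replaying -A / -I commands in order."""
    chains = {}
    for line in script.strip().splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) < 4 or tokens[0] != "iptables":
            continue  # blank line, comment, or a command this model does not cover
        op, chain, rest = tokens[1], tokens[2], tokens[3:]
        rules = chains.setdefault(chain, [])
        if op == "-A":
            rules.append(" ".join(rest))      # append: rule lands at the end
        elif op == "-I":
            pos = 1                           # insert: position defaults to 1 (top)
            if rest[0].isdigit():
                pos, rest = int(rest[0]), rest[1:]
            if not 1 <= pos <= len(rules) + 1:
                raise ValueError(f"index {pos} out of range for chain {chain}")
            rules.insert(pos - 1, " ".join(rest))
    return chains

# Constructed sample scripts using the placeholder rule names from the thread.
APPEND_SCRIPT = """
iptables -A Input jmptosnort
iptables -A Input jmptogood
"""
INSERT_SCRIPT = """
iptables -I Input jmptosnort
iptables -I Input jmptogood
"""
# Constructed: an explicit rule number places the insert between existing rules.
NUMBERED_SCRIPT = """
iptables -A Input jmptosnort
iptables -A Input jmptogood
iptables -I Input 2 logfirst   # hypothetical rule name
"""

if __name__ == "__main__":
    for name, script in [("append", APPEND_SCRIPT), ("insert", INSERT_SCRIPT),
                         ("numbered", NUMBERED_SCRIPT)]:
        print(name, final_order(script)["Input"])
```

On a live host, `iptables -L <chain> --line-numbers` shows the order the kernel actually evaluates, which is the check to run after loading a script like these.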
