ipchains problem

[drazen.pranic () agrokor hr]

Hello,

Dear Snort users, I urgently need help.

One problem takes me a lot of time.

In our company we want to improve our security. We have comercial firewall.

We choose snort as IDS solution. Snort runs on Linux machine infront of
whole network.

Whole IP traffic passes through it. Now, we want to configure ipchains with
snort.

I found guardian script that automatically do that. It works ok, but we have
problem with ipcahins.

When attack came on IP address of Linux machine IPchains blocked it
correctly.

(Linux machine has only one interface.)

Problem is when attack came on IP addresses of comercial firewall (which is
behind snort), nothing happend.

It seems that ipchains blocks only traffic for linux server.

I failed manually to block other ip addresses.

How can we block whole range of ip addresses?

Thanks for any help,

Drazen