[Firehol-support] psad and firehol
Costa Tsaousis
costa at tsaousis.gr
Mon Dec 29 08:11:03 GMT 2003
At the end of each interface add:
server any psad drop log "DROP"
At the end of all interfaces add:
interface any psad
server any psad drop log "DROP"
At the end of all routers add:
router psad
server any psad drop log "DROP"
These will overwrite the default DROP rules added by FireHOL.
Costa
On Fri, 2003-12-26 at 22:58, Jerome BENOIT wrote:
> Hello List,
>
> I have just written down my first FireHOL script:
> my first trouble comes from psad: it emails the message:
>
> ** The INPUT chain in the iptables ruleset on _CHANGEME_ includes a
> default LOG rule for all protocols, but the rule does not have a log
> prefix of "DROP". It appears as though the log prefix is set to
> "IN-unknown:". psad will not be able to detect scans without adding
> --log-prefix "DROP" to the rule.
>
>
> I have tried to put the following line to my script:
>
> FIREHOL_LOG_OPTIONS="--log-prefix \"DROP\""
>
> but I get an error message saying that iptables does not support
> twice the same option.
>
> Is there a clean way to satisfy psad?
>
> Thanks in advance,
> Jerome
>
> PS:
> Please CC your response to my email address
> as I am not a member of the list, thanks.
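
Added example, not part of the original messages and not FireHOL or psad code: a shell check that reads iptables-save output and lists every LOG rule whose log prefix lacks the string psad was complaining about, so the effect of the extra "psad" rules can be confirmed after the firewall is reloaded. It assumes that a prefix merely containing the string (for example "DROP:") satisfies psad; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: report LOG rules whose --log-prefix lacks the string psad
# looks for ("DROP" in this thread). Live use: iptables-save | unmatched_log_rules DROP

# Constructed sample ruleset using the two prefixes quoted in the thread.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 1/sec -j LOG --log-prefix "IN-unknown:" --log-level 4
-A INPUT -j DROP
-A FORWARD -m limit --limit 1/sec -j LOG --log-prefix "DROP:" --log-level 4
-A FORWARD -j DROP
-A OUTPUT -j LOG
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints "<chain> <prefix>" for each LOG
# rule whose prefix does not contain $1 (default DROP). A LOG rule without any
# prefix is printed as "(none)". Assumption: substring match is sufficient.
unmatched_log_rules() {
    want=${1:-DROP}
    awk -v want="$want" '
        $1 == "-A" {
            is_log = 0; prefix = "(none)"
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "LOG") is_log = 1
                if ($i == "--log-prefix") {
                    prefix = $(++i)
                    # A quoted prefix with spaces spans several fields: rejoin it.
                    while (prefix ~ /^"/ && prefix !~ /"$/ && i < NF)
                        prefix = prefix " " $(++i)
                    gsub(/"/, "", prefix)
                }
            }
            if (is_log && index(prefix, want) == 0) print $2, prefix
        }'
}

# Demonstration on the constructed sample; an empty result means every LOG
# rule already carries the expected prefix.
sample_ruleset | unmatched_log_rules DROP
```
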