[Firehol-support] psad and firehol

[Jerome BENOIT]

Thanks for your reply:
I have just try it,
and unfortunaltely I get the same email message from
psad.

Jerome

Costa Tsaousis wrote:
> At the end of each interface add:
> 
>     server any psad drop log "DROP"
> 
> At the end of all interfaces add:
> 
> interface any psad
>     server any psad drop log "DROP"
> 
> 
> At the end of all routers add:
> 
> router psad
>     server any psad drop log "DROP"
> 
> 
> These will overwrite the default DROP rules added by FireHOL.
> 
> Costa
> 
> On Παρ, 2003-12-26 at 22:58, Jerome BENOIT wrote:
> 
>>Hello List,
>>
>>I have just written down my first FireHOL script:
>>my first trouble comes from psad: it emails the message:
>>
>>  ** The INPUT chain in the iptables ruleset on _CHANGEME_ includes a
>>     default LOG rule for all protocols, but the rule does not have a log
>>     prefix of "DROP".  It appears as though the log prefix is set to
>>     "IN-unknown:".  psad will not be able to detect scans without adding
>>     --log-prefix "DROP" to the rule.
>>
>>
>>I have try to put the following line to my script:
>>
>>FIREHOL_LOG_OPTIONS="--log-prefix \"DROP\""
>>
>>but I get an error message saying that iptable does not support
>>twice the same option.
>>
>>Is there a clean to satisfy psad ?
>>
>>Thanks inadvance,
>>Jerome
>>
>>PS:
>>Please CC your reponse to my email address
>>as I am not a memeber the list, thanks.
>>
>>
>>
>>-------------------------------------------------------
>>This SF.net email is sponsored by: IBM Linux Tutorials.
>>Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
>>Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
>>Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
>>_______________________________________________
>>Firehol-support mailing list
>>Firehol-support at lists.sourceforge.net
>>https://lists.sourceforge.net/lists/listinfo/firehol-support
> 
> 
>