Mailinglist Archive: opensuse (4053 mails)

< Previous Next >
Re: [SLE] configuring SNORT on a router/firewall
  • From: "Guy Van Sanden" <sienix@xxxxxxxxxxxxxx>
  • Date: Wed, 08 Aug 2001 09:59:50 +0200
  • Message-id: <3b70f2ee.f513.0@xxxxxxxxxxxxxx>
Thanks Togan

I tried the EXTERNAL_NET any now, and it seems to work.

I run SuSEfirewall on an old P120 system, it's working fine.
I want to run SNORT mainly to detect port-scans (and warn me
immediately if I'm logged in)... and to see if someone tries to
do something like spread a worm-virus through my provider. I'm
a cable-user, and my firewall is up 24/24 7/7 so I get a lot of
this stuff (fortunately, the firewall has always protected me).

Thanks for your help, I'll check out harden_suse to, I'm not
using that yet.

>* Guy Van Sanden; <sienix@xxxxxxxxxxxxxx> on 07 Aug, 2001 wrote:
>> Is anyone using snort on a router?
>> I would like to run it to defend my internal network against
>> external attacks, but I can't get it configured properly, and
>> the documentation isn't helping...
>ehmm. AFAIK snort will not defend your network it is an IDS
>Detection System) it will help you to understand how they did
it if you
>are compromised. Although you can combine snort with
"" (to
>add the necessary firewall rules) you will still need
>a) packet filtering system (ipchains or iptables)
>b) harden_suse script of Marc Heuse of SuSE
>> I'm got everything to the part where I have to define my
>> external net... (I got the internal)
>> What do I have to fill out to say it's the Internet?
>1) have you tried "EXTERNAL_NET !$HOME_NET" or "EXTERNAL_NET any "
>2) which version are you using (currently it is 1.8.1-beta6 yet
I am
>using 1.8-beta3)
>Togan Muftuoglu
>To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
>For additional commands send e-mail to
>Also check the FAQ at and the
>archives at

< Previous Next >
Follow Ups