On Monday 24 January 2005 11:28, Roland Kaeser wrote: > Hi all > > I need a package inspection tool for a very large firewall > project. The ipt_string functionality does not longer exist in > the iptables implementation of the kernel 2.6 so I need a other > tool which drops all packages or communication parts which > contains dangerous contents. I've not played with it but perhaps snort with its "inline" mode will help here. >From the docs ... ============== Snort-Inline takes packets from iptables instead of libpcap. It then uses new rule types to help iptables make pass or drop decisions based on snort rules. .... NEW RULE TYPES AND WHAT THEY DO: drop - The drop rule type will tell iptables to drop the packet and log it via usual snort means. reject - The reject rule type will tell iptables to drop the packet, log it via usual snort means, and send a TCP reset if the protocol is TCP or an icmp port unreachable if the protocol is UDP. sdrop - The sdrop rule type will tell iptables to drop the packet. Nothing is logged. =================== Regards, Mike Klinke
