On Wed, Jan 12, 2005 at 04:11:42PM +0100, Roland Kaeser wrote:
> Hi
>
> I got a look at the proposals You made. I tried it to compile but all I got was
> frustration, frustration and more. On the bottom-line snort-inline is a crap because
> it depends on very old software (libnet, which has itself a lot of bugs) and trying
> to compile it on a halfway actual system brings to to the mental hospital. This
> makes it more frustrating becaus of the string match isn't our primary security part
> it should only prevent the servers from most common attacks to bring the load down.
> All traffic goes through reverse (or "normal") proxies which enables the application
> level firewall.
any proxy worth a "crap" can do more than the string match, so i fail
to see your point. maybe your proxy is "crap." maybe the skill set of
your proxy administrator is "crap."
> I JUST WANT TO RUN THE IPT_STRING ON A KERNEL 2.6.
yeah--yelling is a great way to inspire the folks that have already given
you all this great code for free to accept that their efforts thus far
have been insufficient to satisfy you. to borrow a quote from the folks
on openbsd-misc:
"shut up and hack."
-j
--
"Another day, another box of stolen pens."
--The Simpsons
