
Snort Forums Archive



Using Snort to update Linksys RV082 firewall rules


Posted by jlbrown on October 13, 2005 17:12:14

Has anyone had experience getting Snort to update the firewall rules on a Linksys RV082 router? I.e., using Guardian or snort_inline, etc.?

If so, how does this work?

Thanks,

James.

Posted by Joel_Esler on October 21, 2005 07:46:18

I haven't heard of anyone using Snort to update anything other than:
iptables
Checkpoint
Cisco PIX

But would be interested in any solution.

Joel Esler
SOURCEfire

Posted by big_boi on October 25, 2005 09:30:42

I don't know off the top of my head if your Linksys is one of the ones supported by 3rd-party Linux-based firmwares, but you can check over at www.linksysinfo.org. If yours is one of the Linux-based devices then you can flash to a firmware that supports add-in modules. I know OpenWRT and DD-WRT both support a snort module. I am running DD-WRT on my wireless G Linksys, but have not tried running snort on it. I am afraid that the device simply can't handle it.

However, I am trying to think of how I might still be able to use snort to update the rules on the device. I think the best way would be to use one of the LAN ports on the device to run as a mirror/span port. Then run snort on a box connected to that port. Somehow you ought to be able to cull bad IP addresses from your snort box, and connect via ssh or something to the Linksys in order to feed these addresses into your IPTables rules on the Linksys device.

This is just something I've started thinking about so I'm sorry I'm not much use with any hands-on configuration here.
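
The approach outlined in the post above (Snort on a separate box, offending addresses fed to the router's iptables), sketched as an added example that is not part of the original thread. It assumes Snort writes `alert_fast` lines, the LAN is 192.168.1.0/24, and the router runs a Linux firmware with a dedicated chain named `SNORT_BLOCK` (a hypothetical name); the alert lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Snort's alert_fast format (not from the thread).
SAMPLE_ALERTS = """\
10/25-09:30:42.101000  [**] [1:1000001:1] Constructed test alert A [**] [Classification: Misc Attack] [Priority: 2] {TCP} 203.0.113.7:4431 -> 192.168.1.20:22
10/25-09:30:43.220000  [**] [1:1000001:1] Constructed test alert A [**] [Classification: Misc Attack] [Priority: 2] {TCP} 203.0.113.7:4432 -> 192.168.1.20:22
10/25-09:30:44.010000  [**] [1:1000002:1] Constructed test alert B [**] [Classification: Misc Attack] [Priority: 2] {UDP} 198.51.100.9:53 -> 192.168.1.20:3301
10/25-09:30:45.500000  [**] [1:1000001:1] Constructed test alert A [**] [Classification: Misc Attack] [Priority: 2] {TCP} 192.168.1.1:80 -> 192.168.1.20:5000
10/25-09:30:46.500000  [**] [1:1000001:1] Constructed test alert A [**] [Classification: Misc Attack] [Priority: 2] {TCP} 192.168.1.1:80 -> 192.168.1.20:5001
10/25-09:30:47.000000  [**] [1:1000003:1] Constructed test alert C [**] [Priority: 3] {ICMP} 203.0.113.7 -> 192.168.1.20
""".splitlines()

# Source address follows the {PROTO} tag; the port is absent for ICMP.
SRC_RE = re.compile(r"\{\w+\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

# Assumed LAN range. Sources inside it are never blocked, so a spoofed
# or false-positive alert cannot lock out the gateway or internal hosts.
PROTECTED = [ipaddress.ip_network("192.168.1.0/24")]


def offending_sources(lines, threshold=2, protected=PROTECTED):
    """Return source IPs seen in at least `threshold` alerts, minus protected nets."""
    hits = Counter()
    for line in lines:
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # rejects e.g. 999.1.1.1
        except ValueError:
            continue
        if any(ip in net for net in protected):
            continue
        hits[ip] += 1
    return [str(ip) for ip in sorted(hits) if hits[ip] >= threshold]


def block_commands(ips, chain="SNORT_BLOCK"):
    """Build the iptables lines to run on the router (e.g. over ssh).
    Each value is re-parsed as an IP so nothing else reaches the remote shell."""
    return [f"iptables -A {chain} -s {ipaddress.ip_address(ip)} -j DROP" for ip in ips]


if __name__ == "__main__":
    for cmd in block_commands(offending_sources(SAMPLE_ALERTS)):
        print(cmd)
```

The threshold and the protected list are the two knobs that keep an automated block list from turning a noisy rule or a spoofed source into a self-inflicted outage.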