[EMAIL PROTECTED] wrote:
> Rafael Capovilla wrote:
>> What do you mean?
>> firewall-drop.sh works just fine with iptables/pf/ipfw
> no, a iptables who log and work with OSSEC (just a sample) (like apache,
> syslog...)

Do you mean an iptables rule to allow the ossec server/agent to communicate? I use something like this on my ossec server (where the 123.123... is the subnet that my agents are located in):

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
<snip>
# ossec
-A INPUT -s 123.123.123.12/34 -m state --state NEW -p udp --dport 1514 -j ACCEPT

I don't block outbounds and need no rules on agent machines. If you do, something like this would work. (WARNING: completely untested and from my poor memory of OUTPUT rules)

-A OUTPUT -d <server ip> -p udp --dport 1514 -j ACCEPT

If you mean have ossec watch your iptables logs, I guess it does that already:
http://www.ossec.net/wiki/index.php/Supported-Logs

norm
