RE: [pfSense-discussion] IDS yet?

2006-10-04 Thread Holger Bauer
A WRAP (266MHz Geode) is maxed out at 32 mbit/s (with optimum packet size). However with enabled traffic shaper and lots of traffic (bittorrent for example) it's not able to keep up at my 16/1 mbit/s adsl2+ connection. Depending on your WAN speed or if you need LAN to OPT traffic these devices rea

Re: [pfSense-discussion] add support for per-user bandwidth limitation

2006-10-04 Thread Scott Ullrich
This is not feasible. Dummynet (which is what is used on the CP) is not compatible with PF due to an rdr bug of some sort. The problem has been brought up on the FreeBSD lists but nobody is interested in fixing it. Scott On 10/4/06, Jan-Patrick Perisse <[EMAIL PROTECTED]> wrote: Jonathan De G

[pfSense-discussion] add support for per-user bandwidth limitation

2006-10-04 Thread Jan-Patrick Perisse
Jonathan De Graeve has implemented this nice feature and they are working on monowall 1.23b1. Has anyone tried or is willing to implement them into pfsense captive portal? If someone can show me the way on that, I am willing to help and maybe to do all the job. At the time, I am using monowall for

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Donald Pulsipher
It's a 4801 with the fastest processor I could get (266). We'll see what I can do with it, I don't plan on using a default config with snort. I know I'm going to have to tweak it. With the right setup, I believe running snort on the embedded image _is_ feasible. If I do manage to pull it off, I'

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Bill Marquette
On 10/4/06, Donald Pulsipher <[EMAIL PROTECTED]> wrote: According to my rough calculations, I can do maybe 40mbps throughput before I peg the cpu. Or maybe I'm just dreaming, but I plan on testing it. With a 4801 or wrap??? Try again :) We peg the CPU on those boards well before 40mbit...I

RE: [pfSense-discussion] IDS yet?

2006-10-04 Thread Donald Pulsipher
According to my rough calculations, I can do maybe 40mbps throughput before I peg the cpu. Or maybe I'm just dreaming, but I plan on testing it. On Wed, 4 Oct 2006 12:34:08 -0500, "Jason J. Ellingson" <[EMAIL PROTECTED]> wrote: > I was under the impression that Snort takes a lot of CPU power an

RE: [pfSense-discussion] IDS yet?

2006-10-04 Thread Jason J. Ellingson
I was under the impression that Snort takes a lot of CPU power and RAM (100MB+ even in "lowmem" mode?). I don't know if a Soekris/WRAP could handle it. - Jason -Original Message- From: Donald Pulsipher [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 04, 2006 12:04 PM To: discussion@p

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Scott Ullrich
SH. Don't tell anyone this. ;) Scott On 10/4/06, Donald Pulsipher <[EMAIL PROTECTED]> wrote: The /pkg_mgr.php and related files are still in the www directory, I just pointed to them in my url. If I upgrade to RC3, is there an easy way to change the embedded image to support packages

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Donald Pulsipher
The /pkg_mgr.php and related files are still in the www directory, I just pointed to them in my url. If I upgrade to RC3, is there an easy way to change the embedded image to support packages ? Otherwise I could always just compile and install snort myself I guess. Thanks for your replies. B

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Scott Ullrich
Snort requires 1.0-RC3. On 10/4/06, Donald Pulsipher <[EMAIL PROTECTED]> wrote: I tried to install the snort package but get an error. This was on my Soekris embedded box with the embedded version 1.0-RC1a. Here is the output : - Installation of snort FAILED! Downloading package configura

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Bill Marquette
On 10/4/06, Donald Pulsipher <[EMAIL PROTECTED]> wrote: I tried to install the snort package but get an error. This was on my Soekris embedded box with the embedded version 1.0-RC1a. Two problems here. 1. RC1 is ancient, the snort package only works on RC3 and above 2. Embedded doesn't suppor

RE: [pfSense-discussion] IDS yet?

2006-10-04 Thread Greg Hennessy
Snort hooks into bpf, bpf gets 1st look at all traffic. Greg > -Original Message- > From: Jason J. Ellingson [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 04, 2006 2:58 PM > To: discussion@pfsense.com > Subject: RE: [pfSense-discussion] IDS yet? > > So far, I like the new Snor

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Donald Pulsipher
I tried to install the snort package but get an error. This was on my Soekris embedded box with the embedded version 1.0-RC1a. Here is the output : - Installation of snort FAILED! Downloading package configuration file... failed! Installation aborted. Installation halted. - Do I need

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Bill Marquette
On 10/4/06, Holger Bauer <[EMAIL PROTECTED]> wrote: No, it sees everything. For example running at my WAN though nearly everything is blocked it detects portscans too and will block this IP (if enabled) so it can't start a bruteforce against my open ports. If you are lucky it will even block t

RE: [pfSense-discussion] IDS yet?

2006-10-04 Thread Jason J. Ellingson
Very cool. Perhaps I'll be brave and allow it to block those IPs. Any way to send the Snort alerts to a syslog? I'd like to analyze them. - Jason -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 04, 2006 9:52 AM To: discussion@pfsense.com Subje

RE: [pfSense-discussion] IDS yet?

2006-10-04 Thread Holger Bauer
No, it sees everything. For example running at my WAN though nearly everything is blocked it detects portscans too and will block this IP (if enabled) so it can't start a bruteforce against my open ports. If you are lucky it will even block the intruder before it reaches open ports on your syste

RE: [pfSense-discussion] IDS yet?

2006-10-04 Thread Jason J. Ellingson
So far, I like the new Snort package. Very nice and easy to set up. You have my praises! If I am correct, the Snort package only sees traffic that was not blocked by firewall rules? - Jason

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Tommaso Di Donato
On 10/4/06, Bill Marquette <[EMAIL PROTECTED]> wrote: On 10/4/06, Tommaso Di Donato <[EMAIL PROTECTED]> wrote: > On 10/4/06, Rainer Duffner <[EMAIL PROTECTED]> wrote: > > At least in this respect, pfSense is still a clear packet-filter only ;-) > > And ideally, it should stay this way while analyzing

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Bill Marquette
On 10/4/06, Tommaso Di Donato <[EMAIL PROTECTED]> wrote: On 10/4/06, Rainer Duffner <[EMAIL PROTECTED]> wrote: > At least in this respect, pfSense is still a clear packet-filter only ;-) > And ideally, it should stay this way while analyzing packet-content > should occur elsewhere (because it als

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread christiaan
Tommaso Di Donato wrote: On 10/4/06, Rainer Duffner <[EMAIL PROTECTED]> wrote: At least in this respect, pfSense is still a clear packet-filter only ;-) And ideally, it should stay this way while analyzing packet-content should occur elsewhere (because it also needs much more CPU-power).

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Tommaso Di Donato
On 10/4/06, Rainer Duffner <[EMAIL PROTECTED]> wrote: At least in this respect, pfSense is still a clear packet-filter only ;-) And ideally, it should stay this way while analyzing packet-content should occur elsewhere (because it also needs much more CPU-power). Sorry, but I do not agree totally wit

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Rainer Duffner
Daniel S. Haischt wrote: Beside that I always thought Snort is first and foremost an IDS and not an IPS... It can do both, IIRC. But commercial IDS/IPS products have been blurring the line between these two purposes for years - up to a point where I think there is no real distinction possi

Re: [pfSense-discussion] IDS yet?

2006-10-04 Thread Daniel S. Haischt
Beside that I always thought Snort is first and foremost an IDS and not an IPS... Holger Bauer wrote: > I suggest just trying the snort package in the way it is now before > discussing new features so everybody in this discussion knows what we are > talking about. It's easy to set up and confi

RE: [pfSense-discussion] IDS yet?

2006-10-04 Thread Holger Bauer
I suggest just trying the snort package in the way it is now before discussing new features so everybody in this discussion knows what we are talking about. It's easy to set up and configure. You have to be at RC3 for it to work. Holger -Original Message- From: Tommaso Di Donato [mailto