Hi Gil -

On Jul 20, 2009, Gil Vidals wrote:

> I'm new to psad, but I'm glad to have successfully installed psad w/
> fwsnort for the first time. I've confirmed it's working and see that
> string matching is executing correctly.

Cool.

> At some point, I noticed a psad or fwsnort message, warning me that
> "ipv4options" was not compiled into iptables (I'm using CentOS 5.3
> kernel 2.6.128). I reviewed my iptables options and I don't see
> anything related to ipv4options. Can someone please shed some light on
> whether or not ipv4options is an important feature for psad/fwsnort to
> work 100%:

The ipv4options extension is not important - it is only used by fwsnort
to see whether any Snort rule that contains the "ipopts" keyword can be
successfully translated into an iptables rule.  The total number of
Snort rules that contain the ipopts keyword is very small though, so
this is why it is not important.

Thanks,

--Mike

>   <M> Netfilter netlink interface
>   <M>   Netfilter NFQUEUE over NFNETLINK interface
>   <M>   Netfilter LOG over NFNETLINK interface
>   <M> Netfilter Xtables support (required for ip_tables)
>   <M>   "CLASSIFY" target support
>   <M>   "CONNMARK" target support
>   <M>   "MARK" target support
>   <M>   "NFQUEUE" target Support
>   <M>   "NOTRACK" target support
>   <M>   "SECMARK" target support
>   <M>   "CONNSECMARK" target support
>   <M>   "comment" match support
>   <M>   "connbytes" per-connection counter match support
>   <M>   "connmark" connection mark match support
>   <M>   "conntrack" connection tracking match support
>   <M>   "DCCP" protocol match support
>   <M>   "ESP" match support
>   <M>   "helper" match support
>   <M>   "length" match support
>   <M>   "limit" match support
>   <M>   "mac" address match support
>   <M>   "mark" match support
>   <M>   IPsec "policy" match support
>   <M>   Multiple port match support
>   <M>   "physdev" match support
>   <M>   "pkttype" packet type match support
>   <M>   "quota" match support
>   <M>   "realm" match support
>   <M>   "sctp" protocol match support (EXPERIMENTAL)
>   <M>   "state" match support
>   <M>   "statistic" match support
>   <M>   "string" match support
>   <M>   "tcpmss" match support
>
> Gil Vidals
> gvid...@vmracks.com
> vmracks.com - ESX Hosting
> t. 760.480.4942 f. 760.480.8271
> Chat: MSN: gilvid...@hotmail.com Skype: gvidals
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
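
To see how many rules in a given rule set actually depend on the ipv4options match discussed above, the sketch below counts active Snort rules that carry the "ipopts" keyword. It is an added example, not part of the original message and not fwsnort's own translation code; the sample rules, their sids and the function names are constructed for illustration.

```python
# Added example: every rule below is constructed, not taken from a real rule set.
SAMPLE_RULES = r'''
alert ip any any -> any any (msg:"constructed: loose source route"; ipopts:lsrr; sid:1000001; rev:1;)
alert ip any any -> any any (msg:"constructed: record route"; ipopts: rr; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"constructed: text ipopts:rr; in msg"; content:"ipopts:lsrr\;"; sid:1000003; rev:1;)
# alert ip any any -> any any (msg:"constructed: disabled"; ipopts:ssrr; sid:1000004; rev:1;)
alert tcp any any -> any 22 (msg:"constructed: no IP options"; flags:S; sid:1000005; rev:1;)
'''

def split_options(body):
    """Split a rule's option body on ';', skipping quoted or backslash-escaped ';'."""
    opts, cur, in_quote, i = [], [], False, 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):   # keep escape pairs such as \; or \" intact
            cur.append(body[i:i + 2])
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    opts.append("".join(cur).strip())
    return [o for o in opts if o]

def parse_options(line):
    """Return {keyword: [values]} for an active rule, or None for comments and blanks."""
    line = line.strip()
    start, end = line.find("("), line.rfind(")")
    if not line or line.startswith("#") or start == -1 or end < start:
        return None
    parsed = {}
    for opt in split_options(line[start + 1:end]):
        key, _, value = opt.partition(":")
        parsed.setdefault(key.strip().lower(), []).append(value.strip())
    return parsed

def ipopts_report(text):
    """Return (active rule count, [(sid, ipopts value)]) for rules that need ipv4options."""
    rules = [r for r in map(parse_options, text.splitlines()) if r is not None]
    hits = [(r.get("sid", ["?"])[0], r["ipopts"][0]) for r in rules if "ipopts" in r]
    return len(rules), hits

if __name__ == "__main__":
    total, hits = ipopts_report(SAMPLE_RULES)
    print(f"{len(hits)} of {total} active rules use ipopts: {hits}")
```

Matching on the parsed keyword rather than on the raw text keeps a rule whose msg or content merely contains the string "ipopts" from being counted.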
