Permalink
Browse files

added FW_HELP file

git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@1208 91a0a83b-1414-0410-bf9a-c3dbc33e90b6
  • Loading branch information...
1 parent 55dd0ea commit ca4583359600185fa94c19116d02cb3db0b70f17 @mrash committed Oct 2, 2004
Showing with 23 additions and 0 deletions.
  1. +23 −0 FW_HELP
View
23 FW_HELP
@@ -0,0 +1,23 @@
+The main requirement for an iptables configuration to be compatible with psad
+is simply that iptables logs packets. This is commonly accomplished by adding
+rules to the INPUT and FORWARD chains like so:
+
+ iptables -A INPUT -j LOG
+ iptables -A FORWARD -j LOG
+
+The rules above should be added at the end of the INPUT and FORWARD chains
+after all ACCEPT rules for legitimate traffic and just before a corresponding
+DROP rule for traffic that is not to be allowed through the policy. Note that
+iptables policies can be quite complex with protocol, network, port, and
+interface restrictions, user defined chains, connection tracking rules, and
+much more. There are many pieces of software such as Shorewall and Firewall
+Builder, that build iptables policies and take advantage of the advanced
+filtering and logging capabilities offered by iptables. Generally the policies
+built by such pieces of software are compatible with psad since they
+specifically add rules that instruct iptables to log packets that are not part
+of legitimate traffic. Psad can be configured to only analyze those iptables
+messages that contain specific log prefixes (which are added via the
+--log-prefix option), but the default as of version 1.3.2 is for psad to
+analyze all iptables log messages for port scans, probes for backdoor
+programs, and other suspect traffic. See the list of features offered by psad
+for more information (http://www.cipherdyne.org/psad/features.html).

0 comments on commit ca45833

Please sign in to comment.