Hogwash Light BR 1.5 RC2 (Default branch)


 
06-19-2008

HLBR is an IPS (Intrusion Prevention System) that can filter packets directly in layer 2 of the OSI model (invisible to attackers). Detection of malicious/anomalous traffic is done by rules based on signatures. It is an efficient and versatile IPS, and can be used as a bridge to honeypots and honeynets. HLBR is a firewall element and can use regular expressions to detect malicious traffic. For example, a rule which might detect links to viruses in email messages would be 'tcp regex(href="[^\n]+\.scr")'.

License: GNU General Public License (GPL)

Changes:
The URI test has been moved to the HTTP test (still testing). An HTTP method test has been added. A URI decoder has been added to the engine. Now decoders may have configuration options. New (and more efficient) HTTP header detection. test_ethernet_{src,dst}.c and README.{en,pt_BR} have been updated. The tcpdump header has been changed from /var/lib/hlbr to /usr/lib/hlbr. A description and force-reload option have been added to init.d to make it compliant with Debian and LSB. There are new rules.
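Added example, not part of the original post or of HLBR: the regex from the rule quoted above, run over a few payloads to show what it flags and where its greedy `[^\n]+` over-matches. Python's re module stands in for HLBR's regex engine (an assumption), and the tightened pattern and the sample payloads are constructed here.

```python
import re

# Pattern copied from the rule quoted in the announcement, applied to raw bytes.
ORIGINAL = re.compile(rb'href="[^\n]+\.scr"')
# Assumption (not an HLBR rule): stop at the closing quote of the href value,
# so text later on the same line cannot complete the match.
TIGHTENED = re.compile(rb'href="[^"\n]+\.scr"')

# Constructed payloads standing in for TCP data carrying an HTML email body.
SAMPLES = {
    "link_to_scr": b'<a href="http://files.example/photo.scr">photo</a>\r\n',
    "benign_link": b'<a href="http://files.example/photo.jpg">photo</a>\r\n',
    # A harmless link followed, on the same line, by a quoted file name.
    "quoted_name": b'<a href="http://example.org/">docs</a> about "setup.scr"\r\n',
}


def match_payload(rule, payload):
    """Return the bytes the rule matched in the payload, or None."""
    m = rule.search(payload)
    return m.group(0) if m else None


def evaluate(samples=SAMPLES):
    """Map sample name -> (original rule hit, tightened rule hit)."""
    return {
        name: (
            match_payload(ORIGINAL, data) is not None,
            match_payload(TIGHTENED, data) is not None,
        )
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, (orig_hit, tight_hit) in evaluate().items():
        print(f"{name:12} original={orig_hit!s:5} tightened={tight_hit}")
```

In an inline IPS a false positive means dropped legitimate traffic, so the "quoted_name" case is the one to check before enabling a rule like this.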

Firewall mark classifier in tc(8)                                      Linux                                     Firewall mark classifier in tc(8)

NAME
       fw - fwmark traffic control filter

SYNOPSIS
       tc filter ... fw [ classid CLASSID ] [ action ACTION_SPEC ]

DESCRIPTION
       The fw filter classifies packets based on an fwmark previously set by iptables. If the fwmark is identical to the filter's handle, the filter matches. iptables can mark single packets with the MARK target, or whole connections using CONNMARK.

       The benefit of using this filter instead of doing the heavy lifting with tc itself is that, on one hand, it might be convenient to keep packet filtering and classification in one place, possibly having to match a packet just once, and on the other, users familiar with iptables but not tc will have an easier time adding QoS to their setups.

OPTIONS
       classid CLASSID
              Push matching packets to the class identified by CLASSID.

       action ACTION_SPEC
              Apply an action from the generic actions framework on matching packets.

EXAMPLES
       Take e.g. the following tc filter statement:

              tc filter add ... handle 6 fw classid 1:1

       It will match if the packet's fwmark value is 6. This is a sample iptables statement marking packets coming in on eth0:

              iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6

SEE ALSO
       tc(8), iptables(8), iptables-extensions(8)

iproute2                                                             21 Oct 2015                                 Firewall mark classifier in tc(8)