For good connection tracking with QUEUE we have to write these rules:

iptables -A FORWARD -p tcp -m state --state ESTABLISHED --tcp-flags ACK,FIN NONE -j ACCEPT
iptables -A FORWARD -d $DMZ -p tcp -m state --state ESTABLISHED --dport 80 --tcp-flags SYN,RST,ACK RST -j QUEUE
iptables -A FORWARD -d $DMZ -p tcp -m state --state ESTABLISHED --dport 80 --tcp-flags FIN FIN -j QUEUE
iptables -A FORWARD -s $DMZ -p tcp -m state --state ESTABLISHED --sport 80 --tcp-flags SYN,ACK SYN,ACK -j QUEUE
iptables -A FORWARD -p tcp -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -d $DMZ -p tcp --syn --dport 80 -m state --state NEW -j QUEUE
And for NFQUEUE, what are the best rules? The same or others?

1) I would like to keep the rule ESTABLISHED -j ACCEPT to push the packet to snort-inline (NFQUEUE --queue-num 3 -> we can, I'll try and I'll do!! Ah ah)

2) I'm French -> an example is better than a lot of blah blah (maybe I will not understand everything)
BEBEL David
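The rule set from the post above, rewritten with NFQUEUE in place of QUEUE, as an added example that is not part of the original message or of snort-inline itself. The DMZ address (192.0.2.10) and the queue number (3) are constructed placeholders; `build_rules` only prints the rules so they can be reviewed, and `apply_rules` runs them through iptables (root required) only when APPLY=1 is set. The rules keep the original ordering: ACK-less FIN-less established packets and the general ESTABLISHED catch-all are accepted without inspection, while RST, FIN and SYN/ACK segments of port-80 flows and new SYNs to port 80 are handed to the queue.

```shell
#!/bin/sh
# Added example (not from the original post): the same FORWARD rule set with
# QUEUE replaced by NFQUEUE --queue-num N so snort-inline can bind to a
# numbered queue. DMZ address and queue number below are assumptions.

DMZ="${DMZ:-192.0.2.10}"      # constructed example DMZ web server address
QUEUE_NUM="${QUEUE_NUM:-3}"   # queue number snort-inline listens on (assumption)

# Print the rules (without the leading "iptables") for a given DMZ host and queue.
build_rules() {
    dmz="$1"
    q="$2"
    cat <<EOF
-A FORWARD -p tcp -m state --state ESTABLISHED --tcp-flags ACK,FIN NONE -j ACCEPT
-A FORWARD -d $dmz -p tcp -m state --state ESTABLISHED --dport 80 --tcp-flags SYN,RST,ACK RST -j NFQUEUE --queue-num $q
-A FORWARD -d $dmz -p tcp -m state --state ESTABLISHED --dport 80 --tcp-flags FIN FIN -j NFQUEUE --queue-num $q
-A FORWARD -s $dmz -p tcp -m state --state ESTABLISHED --sport 80 --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE --queue-num $q
-A FORWARD -p tcp -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -d $dmz -p tcp --syn --dport 80 -m state --state NEW -j NFQUEUE --queue-num $q
EOF
}

# How many of the generated rules hand packets to the inspection queue.
count_queued() {
    build_rules "$1" "$2" | grep -c -- '-j NFQUEUE'
}

# Apply each generated rule with iptables; needs root and APPLY=1.
apply_rules() {
    build_rules "$DMZ" "$QUEUE_NUM" | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word splitting of $rule is intended here
        iptables $rule
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    build_rules "$DMZ" "$QUEUE_NUM"
fi
```

Run it without arguments to review the generated rules, then with `APPLY=1` as root to load them. Because the ESTABLISHED catch-all accepts everything that the earlier flag-specific rules did not queue, only the handshake completion, teardown and new port-80 SYNs reach snort-inline with this ordering; a rule set that should inspect payload as well needs the catch-all moved after a broader NFQUEUE rule.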