OSSIM Firewall Rules

So you’ve installed OSSIM, set up your agents / remote sysloggers and are still not seeing data? The logs on your remote devices say the target is unavailable. Don’t forget to open the firewall ports.

Open the file using nano:

nano /etc/ossim/firewall_include

Examples:

open one port

-A INPUT -p udp -m state --state NEW -m udp --dport 555 -j ACCEPT

open range of ports

-A INPUT -p tcp -m state --state NEW -m tcp --dport 1000:2000 -j ACCEPT

This opens inbound TCP ports 1000 to 2000 inclusive. As in the first example, the line goes into firewall_include without the leading iptables command, and it must end in -j ACCEPT, otherwise the rule matches the traffic but does nothing with it.

To save your changes:

CTRL + X, then Y to confirm

Tell the firewall to reload using the updated rules:

ossim-reconfig

Notes about switches

-m multiport --dports is only needed if the set of ports you want to open is not contiguous,

e.g. -m multiport --dports 80,443, which will open up HTTP (80) and HTTPS (443) but not any of the ports in between.
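The three rule shapes above (single port, contiguous range, non-contiguous list) follow a fixed pattern, so here is a small POSIX shell helper, added as an example rather than anything shipped with OSSIM, that builds the correct firewall_include line for a port spec, rejects bad port values, and appends it to the file only if it is not already there. The file path, the function names and the sample ports (514/udp for syslog) are my own choices.

```shell
#!/bin/sh
# Check a port spec: "555", "1000:2000" or "80,443" (lists may also hold ranges).
# Every number must be in 1..65535; returns 1 on any bad piece.
valid_ports() {
  for p in $(printf '%s' "$1" | tr ',:' '  '); do
    case "$p" in ''|*[!0-9]*) return 1 ;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
  done
  return 0
}

# Print one firewall_include line (iptables-restore style, no leading "iptables").
# A comma in the spec means the ports are not contiguous, so -m multiport is needed;
# otherwise a plain --dport handles both a single port and a start:end range.
ossim_rule() {
  proto="$1"; ports="$2"
  case "$proto" in tcp|udp) ;; *) echo "unsupported protocol: $proto" >&2; return 1 ;; esac
  valid_ports "$ports" || { echo "bad port spec: $ports" >&2; return 1; }
  case "$ports" in
    *,*) echo "-A INPUT -p $proto -m state --state NEW -m multiport --dports $ports -j ACCEPT" ;;
    *)   echo "-A INPUT -p $proto -m state --state NEW -m $proto --dport $ports -j ACCEPT" ;;
  esac
}

# Append the rule only when an identical line is absent, so re-running the script
# after an ossim-reconfig does not stack duplicate ACCEPT rules in the include file.
add_rule_once() {
  file="$1"; rule="$2"
  if grep -qxF -- "$rule" "$file" 2>/dev/null; then
    echo "already present: $rule"
  else
    printf '%s\n' "$rule" >> "$file" && echo "added: $rule"
  fi
}

# Example usage (assumed path; on a real sensor this would be /etc/ossim/firewall_include):
if [ "${0##*/}" = "ossim_rules.sh" ]; then
  add_rule_once ./firewall_include "$(ossim_rule udp 514)"
  add_rule_once ./firewall_include "$(ossim_rule tcp 80,443)"
fi
```

After editing the file and running ossim-reconfig, confirm the rule is actually live with iptables -S INPUT, which lists the INPUT chain in the same syntax as the include file.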