Re: Snort Inline

[Jihoon Chung <jhchung () sig-n com>]

Don't you have to put something like below to get all the packets?

iptables -t filter -A FORWARD -j QUEUE

Last time I used snort-inline (was very long ago..), I put the above
line and it worked nicely..

On Thu, Jan 02, 2003 at 10:52:28AM -0600, Bob McDowell wrote:
> I have no 'official' documentation as of yet.  I'm still feeling around in
> the dark, searching for answers.  I can, however, share with you the (mostly
> undocumented) steps you'll need to take.  Maybe someone from the list can
> correct my mistakes.
>
> 1)  Get the iptables source and re-compile it into the kernel src, with ipq
> enabled:  make install-devel KERNEL_DIR=(your kernel source dir)
> 2)  Then compile your new kernel with that option.  You will have to enable
> 'Experimental code' as well as 'Userspace queuing' in your 'make menuconfig'
> step.
> 3)  Get and install libpcap
> 4)  Get and compile snort-inline - './configure --enable-inline'
> 5)  Change one of the included rules from 'alert xyz' to 'drop xyz'
> 6)  Run snort with the -Q option
>
> If you get no errors, you are now as far as I am...
>
> As I've stated, I'm have issues with logging.  With the -Q option passed to
> snort, it does not log anything at all.  I suppose it may not even be
> working at all, but at least I've quieted all the errors.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users