Snort mailing list archives
snort-inline question
From: Harry Brueckner <hb () o-d de>
Date: Tue, 07 Oct 2003 12:30:52 +0200
Hi all, I have a question regarding snort or more precisely snort-inline. I have iptables installed as a stateful firewall and all communication which is not initiated by my machine is dropped.
Now I would like to use snort to sniff the traffic which passes along outside my machine but this is not possible because snort only sees data which passed iptables.
My idea was to use snort_inline to look at the datastream and then pass it back to iptables to handle all the permission stuff. I managed to get snort_inline to see all data by adding QUEUE rules to my iptables setup but afterwards all traffic is permitted. It seems like the packets do not get back to iptables at all because I also tried a logging rule directly after the QUEUE rule but it never gets called.
Is there a way to get snort to see all the traffic but not to open iptables? I do not want snort to take any actions except log the packets.
Any ideas?

Harry