Snort mailing list archives

snort-inline question


From: Harry Brueckner <hb () o-d de>
Date: Tue, 07 Oct 2003 12:30:52 +0200

Hi all,

I have a question regarding snort or more precisely snort-inline.

I have iptables installed as a stateful firewall and all communication which is not initiated by my machine is dropped.

Now I would like to use snort to sniff the traffic which passes along outside my machine but this is not possible because snort only sees data which passed iptables.

My idea was to use snort_inline to look at the datastream and then pass it back to iptables to handle all the permission stuff. I managed to get snort_inline to see all data by adding QUEUE rules to my iptables setup but afterwards all traffic is permitted. It seems like the packets do not get back to iptables at all because I also tried a logging rule directly after the QUEUE rule but it never gets called.

Is there a way to get snort to see all the traffic but not to open iptables? I do not want snort to take any actions except log the packets.

Any ideas?

Harry




