Snort mailing list archives
Re: snort-inline question
From: Guillaume Rix <grix () sun com>
Date: Tue, 07 Oct 2003 14:21:47 +0200
I'm sure this will be asked or told to you a hundred times, but: If all you want snort to do is look at packets, why did you use snort-inline instead of snort? did you look at the docs at all? The whole point of using snort-inline is to use iptables. It's likeordering a cheeseburger and then complaining that it has cheese. Go get ahamburger...The point is, that snort does not see anything when iptables is restricting access to the machine.I want snort to look at all packages on the interface but iptables still to work as a stateful firewall and both at the same time is a little tricky.Harry
Perhaps you can launch snort-inline with just the rules that you want drop, replace, etc ....
and launch a snort in the same time just for have a look on all packets. Sorry if it's stupid as idea, I don't know very snort-inline. Guillaume ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort-inline question Harry Brueckner (Oct 07)
- Message not available
- Re: snort-inline question Harry Brueckner (Oct 07)
- Re: snort-inline question Guillaume Rix (Oct 07)
- Re: snort-inline question seclists (Oct 07)
- Message not available
- Re: snort-inline question Harry Brueckner (Oct 07)
- Re: snort-inline question Harry Brueckner (Oct 07)
- Message not available