Snort mailing list archives

QUEUE questions?


From: "mdpeters" <michael.peters () lazarusalliance com>
Date: Fri, 7 Jan 2005 17:00:05 -0500

I have set up a transparent bridge using Fedora Core 2. The only thing that passes through is arp messages. I have a 
Nessus scanner on a hub at one side of the bridge and the target system on a hub at the other side of the bridge. I 
will get only two line entries in syslog. 

These are the iptables rules.

/usr/local/sbin/iptables -P FORWARD DROP
/usr/local/sbin/iptables -A FORWARD -j LOG --log-prefix "PRE QUEUE"
/usr/local/sbin/iptables -A FORWARD -p tcp --syn -m state --state NEW -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p udp -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p icmp -j QUEUE
/usr/local/sbin/iptables -A FORWARD -j LOG --log-prefix "POST QUEUE"

This is the output.

PRE QUEUEIN=br0 OUT=br0 PHYSIN=eth2 PHYSOUT=eth1 SRC=69.16.185.132 DST=69.16.185.130 LEN=41 TOS=0x00 PREC=0x00 TTL=64 ID=3072 PROTO=TCP SPT=3133 DPT=49550 WINDOW=2048 RES=0x00 ACK URGP=0

POST QUEUEIN=br0 OUT=br0 PHYSIN=eth2 PHYSOUT=eth1 SRC=69.16.185.132 DST=69.16.185.130 LEN=41 TOS=0x00 PREC=0x00 TTL=64 ID=3072 PROTO=TCP SPT=3133 DPT=49550 WINDOW=2048 RES=0x00 ACK URGP=0

I understand that the QUEUE target will never return a packet to the system unless the userspace program has processed 
the packet, so it appears that snort-inline is turned off or broken. Since I know that Snort-inline is running, does 
anyone have an idea about what would be causing the problem?

Thanks,
Michael
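Added example (not from the post or from the snort-inline project): a small Python walk of the FORWARD chain above, run over the post's own LOG line. It takes the conntrack state as an input, since the LOG line does not record it, and reports which rule each packet ends on; because LOG is non-terminating, a packet that shows up under both prefixes matched neither QUEUE rule and fell through to the DROP policy.

```python
import re

# The FORWARD chain exactly as listed in the post, in order. Policy is DROP.
# Each entry: (label, PROTO match, require --syn, conntrack states, target).
FORWARD_CHAIN = [
    ("LOG PRE QUEUE", None, False, None, "LOG"),
    ("tcp --syn NEW", "TCP", True, {"NEW"}, "QUEUE"),
    ("tcp RELATED,ESTABLISHED", "TCP", False, {"RELATED", "ESTABLISHED"}, "QUEUE"),
    ("udp", "UDP", False, None, "QUEUE"),
    ("icmp", "ICMP", False, None, "QUEUE"),
    ("LOG POST QUEUE", None, False, None, "LOG"),
]

# LOG line from the post (the prefix "PRE QUEUE" runs into IN= because it has no trailing space).
SAMPLE_LINE = ("PRE QUEUEIN=br0 OUT=br0 PHYSIN=eth2 PHYSOUT=eth1 SRC=69.16.185.132 "
               "DST=69.16.185.130 LEN=41 TOS=0x00 PREC=0x00 TTL=64 ID=3072 PROTO=TCP "
               "SPT=3133 DPT=49550 WINDOW=2048 RES=0x00 ACK URGP=0")

def parse_log_line(line):
    """Split an iptables LOG line into KEY=VALUE fields and the set of bare TCP flag tokens."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    flags = set(re.findall(r"\b(SYN|ACK|FIN|RST|PSH|URG)\b", line))
    return fields, flags

def walk_chain(fields, flags, ct_state):
    """Walk FORWARD_CHAIN for one packet. LOG rules are recorded but do not end the walk;
    the first QUEUE hit ends it, otherwise the DROP policy applies. ct_state is an assumption."""
    logged = []
    for label, proto, need_syn, states, target in FORWARD_CHAIN:
        if proto and fields.get("PROTO") != proto:
            continue
        # --syn means SYN set and ACK, RST, FIN clear
        if need_syn and flags & {"SYN", "ACK", "RST", "FIN"} != {"SYN"}:
            continue
        if states and ct_state not in states:
            continue
        if target == "LOG":
            logged.append(label)
            continue
        return {"target": target, "rule": label, "logged": logged}
    return {"target": "DROP", "rule": "policy", "logged": logged}

def diagnose(line, ct_state):
    """Parse one LOG line and report where the packet ends up in the chain."""
    fields, flags = parse_log_line(line)
    return walk_chain(fields, flags, ct_state)
```

For the post's ACK-only packet, `diagnose(SAMPLE_LINE, "INVALID")` passes both LOG rules and ends on the DROP policy, which is the PRE/POST pair seen in syslog; only if conntrack had classified it ESTABLISHED would it reach the QUEUE target.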
