Snort mailing list archives
Re: snort does not sent reset in freebsd/ipfw inline mode
From: Russ Combs <rcombs () sourcefire com>
Date: Mon, 7 Feb 2011 09:30:31 -0500
On Fri, Feb 4, 2011 at 5:57 PM, Michael Scheidell <michael.scheidell () secnap com> wrote:

> On 1/19/11 1:00 PM, Rajkumar S wrote:
>> Hello, I am testing snort 2.9.0.3 with inline under FreeBSD 6.2-RELEASE-p12 and IPFW. Everything seems working except that no packet gets dropped or reset is being sent.
>
> I have a (test ports) version of 2.9.0.3 and am trying to make sure ipfw/daq works.
> <http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/154514>
>
> I have never gotten this to work in the past, and am still confused.
>
>> I am using snort Version 2.9.0.3 (Build 98) FreeBSD which is compiled with following options:
>> ./configure --enable-flexresp3 --enable-react --enable-active-response
>
> did you find you needed the -Q in the command line? (man page seems to say this is for iptables only)

Oops - the man page is out of date wrt -Q and possibly elsewhere. Refer to READMEs and snort_manual for now. As for -Q and policy_mode, the best reference is section 1.9.5 of the manual which breaks it out in table form. I've bugged the man page. Thanks for reporting the issue.

> did you find you needed this in snort.conf?
> config policy_mode:inline
>
> what sysctl's did you need to add to turn on ipfw filtering? (sysctl -a | egrep 'fw|bridge')
>
> this in a router mode? with an ip on each interface? or bridged? (with if_bridge?)?
> what ifconfig options did you use to create the bridge?
>
> --
> Michael Scheidell, CTO
> SECNAP Network Security Corporation

Current thread:
- snort does not sent reset in freebsd/ipfw inline mode Rajkumar S (Jan 19)
- Re: snort does not sent reset in freebsd/ipfw inline mode Rajkumar S (Jan 20)
- Re: snort does not sent reset in freebsd/ipfw inline mode Russ Combs (Jan 28)
- Re: snort does not sent reset in freebsd/ipfw inline mode Rajkumar S (Feb 03)
- Re: snort does not sent reset in freebsd/ipfw inline mode Russ Combs (Jan 28)
- Re: snort does not sent reset in freebsd/ipfw inline mode Michael Scheidell (Feb 04)
- Re: snort does not sent reset in freebsd/ipfw inline mode Russ Combs (Feb 07)
- Re: snort does not sent reset in freebsd/ipfw inline mode Rajkumar S (Jan 20)