Snort mailing list archives
Re: snort inline mode and bridge
From: Vincent Li <vincent.mc.li () gmail com>
Date: Fri, 14 Oct 2016 10:16:03 -0700
that is good idea, I definitely will try. On Thu, Oct 13, 2016 at 8:26 PM, Y M <snort () outlook com> wrote:
Hello Vincent, I haven't tried this before, but when building Snort, there is this build option: "--enable-inline-init-failopen Enable Fail Open during initialization for Inline Mode (adds pthread support implicitly)" Have you tried this? I would be interested to know if this achieves what you need. YM ________________________________ From: Vincent Li <vincent.mc.li () gmail com> Sent: Friday, October 14, 2016 1:59:05 AM To: snort-devel () lists sourceforge net Subject: [Snort-devel] snort inline mode and bridge Hi, I am running snort in IPS afpacket inline mode (-i eth0:eth1) on a lower end PC between my ISP modem and my home router in my home network. I use pulledpork to update signatures daily. I noticed that if snort needs to be restarted ( I have not test reload on ubuntu 16.04 with systemd) to take the new signatures, during the restart period, my home Internet is down for a few minutes because it took too long for snort to load these rules on the lower end PC, my understanding is that snort maintain the bridge in inline mode, if snort is still processing rules during restart, the bridge is down and no Internet access. so my question is, is it possible to maintain the bridge up even during snort restart, or set the bridge up early in snort startup before loading rules.... or can I create the bridge by Linux and let snort sniffing on the bridge interface like -i br0 in IPS inline mode? any input would be helpful. Thanks ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort! ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- snort inline mode and bridge Vincent Li (Oct 13)
- Re: snort inline mode and bridge Y M (Oct 13)
- Re: snort inline mode and bridge Vincent Li (Oct 14)
- Re: snort inline mode and bridge Vincent Li (Oct 25)
- Re: snort inline mode and bridge Russ (Oct 25)
- Re: snort inline mode and bridge Vincent Li (Oct 26)
- Re: snort inline mode and bridge Russ (Oct 27)
- Re: snort inline mode and bridge Vincent Li (Oct 27)
- Re: snort inline mode and bridge Y M (Nov 01)
- Re: snort inline mode and bridge Vincent Li (Nov 01)
- Re: snort inline mode and bridge Y M (Nov 01)
- Re: snort inline mode and bridge Y M (Oct 13)