Snort mailing list archives

afpacket and inline mode


From: Michael David <michael.d.torino () gmail com>
Date: Sat, 28 Jan 2017 11:47:45 -0600

I am trying to configure snort to run in inline mode between a cable modem
and router.  My config tests fine and will run.  When snort is running all
traffic is blocked in and outbound, but the log grows.  When I terminate
snort I can view and log all in and outbound traffic and Internet service
returns to the LAN.

I don't understand why this is happening.  Shouldn't inline mode let all
traffic pass and let the rules allow, block and drop?

Here are some of my configurations and setup for the ports.

snort -A console -c /etc/snort/snort.conf -Q -i eth0:eth1 --daq afpacket --daq-mode inline

ifconfig eth0 0.0.0.0
ip link set eth0 multicast off
ip link set eth0 promisc on
ethtool -s eth0 speed 100 duplex full
for i in rx tx sg tso ufo gso gro lro; do ethtool -K eth0 $i off; done

ifconfig eth1 0.0.0.0
ip link set eth1 multicast off
ip link set eth1 promisc on
ethtool -s eth1 speed 100 duplex full
for i in rx tx sg tso ufo gso gro lro; do ethtool -K eth1 $i off; done
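
Added example, not part of the original post: a sh script that checks whether the interface preparation shown above took effect, by parsing `ethtool -k` and `ip -o link show` output on stdin. The sample output is constructed, the function names are hypothetical, and the UP/LOWER_UP check is an addition the post does not mention.

```sh
#!/bin/sh
# Added example: verify that the interface prep from the post took effect.
# Both functions parse command output on stdin, so they can be tested offline.

# Reads `ethtool -k <iface>` output; prints the short names (as used with
# `ethtool -K` in the post) of offloads that are still "on".
offloads_still_on() {
    awk -F': *' '
        BEGIN {
            m["rx-checksumming"] = "rx"; m["tx-checksumming"] = "tx"
            m["scatter-gather"] = "sg"
            m["tcp-segmentation-offload"] = "tso"
            m["udp-fragmentation-offload"] = "ufo"
            m["generic-segmentation-offload"] = "gso"
            m["generic-receive-offload"] = "gro"
            m["large-receive-offload"] = "lro"
        }
        {
            key = $1; sub(/^[ \t]+/, "", key)   # sub-features are indented
            split($2, v, " ")                   # drop a trailing "[fixed]"
            if ((key in m) && v[1] == "on") print m[key]
        }'
}

# Reads `ip -o link show <iface>` output; prints each of PROMISC, UP and
# LOWER_UP that is missing from the <...> flag list (added check).
missing_link_flags() {
    flags=$(sed -n 's/^[^<]*<\([^>]*\)>.*/\1/p')
    for f in PROMISC UP LOWER_UP; do
        case ",$flags," in *",$f,"*) ;; *) echo "$f" ;; esac
    done
}

# Constructed sample output (not captured from the poster's system).
sample_ethtool() {
    cat <<'EOF'
Features for eth0:
rx-checksumming: off
tx-checksumming: off
        tx-checksum-ipv4: off [fixed]
scatter-gather: off
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
EOF
}
sample_link='2: eth0: <BROADCAST,PROMISC,UP,LOWER_UP> mtu 1500 state UP'

sample_ethtool | offloads_still_on          # offloads left enabled
echo "$sample_link" | missing_link_flags    # required flags that are absent
```

On a live system, feed the functions with `ethtool -k eth0 | offloads_still_on` and `ip -o link show eth0 | missing_link_flags`, then repeat for eth1.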