Re: snort-inline question

[<seclists () violating us>]

Harry:

Using the normal non-inline version of snort, you still have access to
packets on your wire even if iptables explicitly blocks traffic on that
interface.  I can send you specific (sanitized) logs and rules if you
can't take my word for it.

-jof



> --On Tuesday, October 07, 2003 06:35:51 AM -0500 seclists () violating us
> wrote:
>
> > I'm sure this will be asked or told to you a hundred times, but:
> >
> > If all you want snort to do is look at packets, why did you use
> > snort-inline instead of snort? did you look at the docs at all?
> >
> > The whole point of using snort-inline is to use iptables.  It's like
> > ordering a cheeseburger and then complaining that it has cheese. Go
> > get a hamburger...
>
> The point is, that snort does not see anything when iptables is
> restricting  access to the machine.
>
> I want snort to look at all packages on the interface but iptables still
> to  work as a stateful firewall and both at the same time is a little
> tricky.
>
> Harry
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users