Snort inline and ip_queue

[neil <neil () bellsimons com>]

I have installed snort_inline, and have ip_queue installed as a module,
after some tweaking to the .conf file I have snort_inline fired up now,

but none of my tests are generating logs or seem to be working,
it seems nothing is being passed from iptables to the user space queue.

I wasn't really sure what I should have as a rule in iptables, so I used
this:

iptables -A FORWARD -i eth0 -j QUEUE

and it is the only rule.

Anyone know what I am missing here?
(I have snort working as a regular sniffer / IDS on many other systems,
but I was looking for real-time sig based IPS functionality)

Thanks in advance

Nox
www.pheusion.com



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users