Snort mailing list archives

Re: Snort inline and ip_queue


From: Stephan Scholz <sscholz () astaro com>
Date: Tue, 23 Mar 2004 12:54:45 +0100

Have you added the -Q option when starting Snort?
Otherwise Snort runs in normal sniffer mode only.

Stephan

I have installed snort_inline, and have ip_queue installed as a module.
After some tweaking to the .conf file I have snort_inline fired up now,
but none of my tests are generating logs or seem to be working;
it seems nothing is being passed from iptables to the user space queue.

I wasn't really sure what I should have as a rule in iptables, so I used
this:

iptables -A FORWARD -i eth0 -j QUEUE

and it is the only rule.

Anyone know what I am missing here?
(I have snort working as a regular sniffer / IDS on many other systems,
but I was looking for real-time sig based IPS functionality)


--
Stephan Scholz <sscholz () astaro com> | Development
Astaro AG | www.astaro.com | Phone +49-721-490069-0 | Fax -55

Awards for ASL:
- Nätverk & Kommunikation Magazine, Sweden: "Five Stars" - October 2003
- Linux Enterprise Readers' Choice Award: Best Firewall - October 2003
- LinuxWorld Product Excellence Award: Best Security Solution - August 2003
- "Excellent" Infoworld Magazine - August 2003
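
Added example, not part of the original messages: a pre-flight check for the three pieces this thread mentions (the ip_queue module, an iptables rule with the QUEUE target, and the -Q option). The function names, sample module lines and config path are constructed for illustration; on a live system feed it /proc/modules, iptables-save output and the Snort command line.

```sh
#!/bin/sh
# Added example (not from the thread): check saved system state for the
# pieces snort_inline needs before packets reach it through ip_queue.

# $1 = contents of /proc/modules; the module name is the first column.
has_ip_queue() {
    printf '%s\n' "$1" | awk '$1 == "ip_queue" { f = 1 } END { exit !f }'
}

# $1 = iptables-save output; prints the chains that hold a "-j QUEUE" rule.
queue_chains() {
    printf '%s\n' "$1" | awk '$1 == "-A" {
        for (i = 3; i < NF; i++)
            if ($i == "-j" && $(i + 1) == "QUEUE") { print $2; break }
    }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# $1 = snort command line; true when -Q appears as its own argument.
has_inline_flag() {
    for arg in $1; do
        [ "$arg" = "-Q" ] && return 0
    done
    return 1
}

# Prints one line per finding; prints nothing when there is none.
# $1 = modules text, $2 = iptables-save text, $3 = snort command line
diagnose() {
    has_ip_queue "$1" || echo "ip_queue module not loaded"
    chains=$(queue_chains "$2")
    [ -n "$chains" ] || echo "no iptables rule with -j QUEUE"
    has_inline_flag "$3" || echo "snort started without -Q"
    # FORWARD is traversed only by packets passing through the host, so
    # tests sent to or from the sensor itself never reach the queue.
    [ "$chains" != "FORWARD" ] || echo "note: only forwarded traffic is queued"
    return 0
}

# Constructed sample state: module and rule present, -Q missing.
MODULES='ip_queue 7608 0 - Live 0xd08a1000
ip_tables 14624 1 iptable_filter, Live 0xd0895000'
RULES='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -j QUEUE
COMMIT'
CMDLINE='snort_inline -c /etc/snort_inline/snort_inline.conf -D'  # hypothetical path

diagnose "$MODULES" "$RULES" "$CMDLINE"
```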


