Snort mailing list archives

Re: snort inline mode is not working with iptables


From: Hatim Alghamdi <hat_gh () yahoo com>
Date: Mon, 9 Aug 2010 00:26:21 -0700 (PDT)

I ran snort as follows:
 snort -c snort.empty -TQ
and
 snort -c snort.empty -TQ --disable-inline-initialization
The output was the same! I was expecting a different behavior.

One thing I noticed is that the manual states that the rule application order is
activation->dynamic->pass->drop->sdrop->reject->alert->log
but snort in our case returns this:
activation->dynamic->pass->drop->alert->log

How can I tell if snort read/initialize IPTables?

Regards,
Hatim



________________________________
From: Russ Combs <rcombs () sourcefire com>
To: Jason Brvenik <jason.brvenik () sourcefire com>
Cc: Wael <netchildccie () hotmail com>; snort-users () lists sourceforge net; Jason 
Brvenik <jasonb () sourcefire com>; hat_gh () yahoo com; Will Metcalf 
<william.metcalf () gmail com>
Sent: Sun, August 8, 2010 3:48:32 AM
Subject: Re: [Snort-users] snort inline mode is not working with iptables


On Sat, Aug 7, 2010 at 4:52 PM, Jason Brvenik <jason.brvenik () sourcefire com> wrote:

Comment out all of the include lines in snort.conf, startup should indicate 0 
rules loaded.
In fact, try creating an empty conf and using that.  Then add just the alert.
 
Referring to your original setup, examine the packet log and ensure that you 
have all the echo responses (you were in the output chain).
 
If that looks good run tcpdump on your ping machine and see what, if anything, 
is coming back.
On Aug 7, 2010 5:21 PM, "Wael" <netchildccie () hotmail com> wrote:

Hello Jason, 

If I did not use iptables -j QUEUE; the ping is working. 

How Can I run snort with _NO_rule ?! 

Regards,
Wael,

On 8/7/10 9:32 PM, "Jason Brvenik" <jasonb () sourcefire com> wrote:

I would suggest a ground up app... 
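
The question above ("How can I tell if snort read/initialize IPTables?") and Jason's advice to check the packet log both come down to two things a practitioner can read off the box: whether the `-j QUEUE` rule is actually matching packets, and whether any userspace process is attached to the ip_queue device that `QUEUE` hands packets to. The script below is an added example and not code from the thread or from the Snort project. It assumes the kernel ip_queue (libipq) path, which exposes its state in `/proc/net/ip_queue` with a `Peer PID` line, and it parses constructed samples of `iptables -vnL OUTPUT` and `/proc/net/ip_queue` so it runs offline; on a live system pipe the real command output into the two functions.

```shell
#!/bin/sh
# Added troubleshooting helpers (not from the mailing list thread). They parse
# the two places that show whether a userspace reader such as Snort is really
# attached to the ip_queue (libipq) path: the iptables counters of the QUEUE
# rule, and /proc/net/ip_queue, which reports the PID of the attached peer.
# All inputs below are constructed samples so the script runs offline.

# Sum the packet counter of every QUEUE rule in an `iptables -vnL` listing
# read from stdin. A counter that stays at zero while you ping means the
# traffic never matched the rule (wrong chain, protocol or interface).
queue_rule_pkts() {
    awk '$3 == "QUEUE" { sum += $1 } END { print sum + 0 }'
}

# Report the peer state from /proc/net/ip_queue read from stdin:
#   "attached <pid>" when a userspace reader holds the queue,
#   "none" when nothing is reading it; queued packets then sit until they
#   are dropped, which is why ping stops as soon as the QUEUE rule goes in.
ipq_peer_state() {
    awk -F: '
        /^Peer PID/ { gsub(/ /, "", $2); pid = $2 }
        END {
            if (pid == "" || pid == "0") print "none"
            else print "attached " pid
        }'
}

# Constructed sample: an OUTPUT chain with one QUEUE rule for ICMP that
# has matched 42 packets.
SAMPLE_IPTABLES='Chain OUTPUT (policy ACCEPT 120 packets, 9000 bytes)
 pkts bytes target     prot opt in     out     source               destination
   42  3528 QUEUE      icmp --  *      *       0.0.0.0/0            0.0.0.0/0'

# Constructed sample: nothing attached to the queue (Peer PID 0).
SAMPLE_IPQ_IDLE='Peer PID          : 0
Copy mode         : 0
Copy range        : 0
Queue length      : 0
Queue max. length : 1024
Queue dropped     : 0
Netlink dropped   : 0'

# Constructed sample: a reader with PID 4321 holds the queue.
SAMPLE_IPQ_BUSY='Peer PID          : 4321
Copy mode         : 2
Copy range        : 65535
Queue length      : 0
Queue max. length : 1024
Queue dropped     : 0
Netlink dropped   : 0'

# Run with --demo to print the three results for the samples above.
if [ "${1:-}" = "--demo" ]; then
    printf 'QUEUE rule packets: %s\n' "$(printf '%s\n' "$SAMPLE_IPTABLES" | queue_rule_pkts)"
    printf 'ip_queue peer (idle sample): %s\n' "$(printf '%s\n' "$SAMPLE_IPQ_IDLE" | ipq_peer_state)"
    printf 'ip_queue peer (busy sample): %s\n' "$(printf '%s\n' "$SAMPLE_IPQ_BUSY" | ipq_peer_state)"
fi
```

On a live host the same checks are `iptables -vnL OUTPUT | queue_rule_pkts` and `ipq_peer_state < /proc/net/ip_queue`. A non-zero QUEUE counter together with "none" from the second check is the combination that matches the symptom in this thread: the rule diverts the echo requests, but no process has opened the queue to verdict them.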


