Snort mailing list archives
Re: snort does not sent reset in freebsd/ipfw inline mode
From: Michael Scheidell <michael.scheidell () secnap com>
Date: Fri, 4 Feb 2011 17:57:55 -0500
On 1/19/11 1:00 PM, Rajkumar S wrote:
I have a (test ports) version of 2.9.0.3 and am trying to make sure ipfw/daq works.Hello, I am testing snort 2.9.0.3 with inline under FreeBSD 6.2-RELEASE-p12 and IPFW. Every thing seems working except that no packet gets dropped or reset is being sent.
<http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/154514> I have never gotten this to work in the past, and am still confused.
I am using snort Version 2.9.0.3 (Build 98) FreeBSD which is compiled with following options: ./configure --enable-flexresp3 --enable-react --enable-active-response
did you find you needed the -Q in the command line? (man page seems to say this is for iptables only) did you find you needed this in snort.conf? config policy_mode:inline what sysctl's did you need to add to turn on ipfw filtering? (sysctl -a | egrep 'fw|bridge')this in a router mode? with an ip on each interface? or bridged? (with if_bridge?)?
what ifconfig options did you use to create the bridge? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 ______________________________________________________________________This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
------------------------------------------------------------------------------ The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort does not sent reset in freebsd/ipfw inline mode Rajkumar S (Jan 19)
- Re: snort does not sent reset in freebsd/ipfw inline mode Rajkumar S (Jan 20)
- Re: snort does not sent reset in freebsd/ipfw inline mode Russ Combs (Jan 28)
- Re: snort does not sent reset in freebsd/ipfw inline mode Rajkumar S (Feb 03)
- Re: snort does not sent reset in freebsd/ipfw inline mode Russ Combs (Jan 28)
- Re: snort does not sent reset in freebsd/ipfw inline mode Michael Scheidell (Feb 04)
- Re: snort does not sent reset in freebsd/ipfw inline mode Russ Combs (Feb 07)
- Re: snort does not sent reset in freebsd/ipfw inline mode Rajkumar S (Jan 20)