Snort mailing list archives
Re: Snort Inline w/ NFQ doesn't work after reboot
From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 29 Nov 2016 11:41:03 -0700
On 2016-11-29 11:31, J Green wrote:
Appreciate the response. Firewalld/iptables is up. Though the only rule I have in there is for access to the Barnyard web gui. Thought that rules for inline were added as follows? iptables -t nat -I PREROUTING -j NFQUEUE --queue-num 1 iptables -I FORWARD -j NFQUEUE --queue-num 1 I did have this more granular, only allowing specific ports through the bridge, but opened it up for troubleshooting purposes. All interfaces are up and respond to pings. I know that I am missing something simple. Thank you.
They are added, but once you reboot they are lost. You'll need to either create a script to readd them on boot or use iptables-save/iptables-restore commands. James
On Tue, Nov 29, 2016 at 9:25 AM, James Lay <jlay () slave-tothe-box net> wrote:On 2016-11-28 14:28, J Green wrote:Compiled Snort 2.9.8.3 & DAQ, CentOS 7 (VM). It works w/ NFQ inline. However, if I reboot the VM, NFQ nolongerseems to work. I do not see anything in the logs, etc. Here is how I am running Snort: snort -Q --daq nfq --daq-var device=eth0 --daq-var queue=1 -c /etc/snort/snort.conf & iptables -t nat -I PREROUTING -j NFQUEUE --queue-num 1 iptables -I FORWARD -j NFQUEUE --queue-num 1 barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -fsnort.us [1][1] -w /var/log/snort/barnyard.waldo -g snort -u snort Any input would be appreciated. Thank you. Links: ------ [1] http://snort.us------------------------------------------------------------------------------_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users [2] Snort-users list archive:http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users [3]Please visit http://blog.snort.org to stay current on all thelatestSnort news!Make sure your IP tables rules are reapplied on reboot. James------------------------------------------------------------------------------_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users [2] Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users [3] Please visit http://blog.snort.org to stay current on all the latest Snort news!Links: ------ [1] http://snort.us [2] https://lists.sourceforge.net/lists/listinfo/snort-users [3] http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Snort Inline w/ NFQ doesn't work after reboot J Green (Nov 28)
- Re: Snort Inline w/ NFQ doesn't work after reboot James Lay (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot J Green (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot James Lay (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot J Green (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot James Lay (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot J Green (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot James Lay (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot J Green (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot J Green (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot James Lay (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot J Green (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot J Green (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot James Lay (Nov 30)
- Re: Snort Inline w/ NFQ doesn't work after reboot J Green (Nov 29)
- Re: Snort Inline w/ NFQ doesn't work after reboot James Lay (Nov 29)