Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort inline mode and bridge

From: Vincent Li <vincent.mc.li () gmail com>
Date: Thu, 13 Oct 2016 15:59:05 -0700
Hi,

I am running snort in IPS afpacket inline mode (-i eth0:eth1) on a
lower end PC between my ISP modem and my home router in  my home
network. I use pulledpork to update signatures daily. I noticed that
if snort needs to be restarted ( I have not test reload on ubuntu
16.04 with systemd) to take the new signatures, during the restart
period, my home Internet is down for a few minutes because it took too
long for snort to load these rules on the lower end PC, my
understanding is that snort maintain the bridge in inline mode, if
snort is still processing rules during restart, the bridge is down and
no Internet access.

so my question is, is it possible to maintain the bridge up even
during snort restart, or set the bridge up early in snort startup
before loading rules....

or can I  create the bridge by Linux and let snort sniffing on the
bridge interface like -i br0 in IPS inline mode?

any input would be helpful.

Thanks

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: