Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort-inline

From: Ales Stibal <astib () giganet cz>
Date: Tue, 18 Mar 2003 17:10:27 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello list,
I have big problem to run snort-inline on single host. I wanted my box to be
protected by snort-inline, but I failed to do so.
I tried to run various kernels, only one that seems to allow snort do
it's job
on QUEUE is vanilla 2.4.20 ( recently I tried same versions, but gentoo
patches,
including P-O-M of netfilter)

I am running iptables commands:

iptables -A INPUT -d $ETH0_IP -m state --state ESTABLISHED,RELATED -j QUEUE
//FIXME: the line bellow seems obsolete to me ... (unreachable)
iptables -A INPUT -d $ETH0_IP -m state --state ESTABLISHED,RELATED -j ACCEPT

With this rule packet successfully fall to QUEUE, is detected by
snort_inline
(it's shown when using -v flag), but nothing is passed trough.

Any help is more than welcomed, I am running out of new ideas.

Thanx in advance!

        RIP,

                Astib();
- --
A l e s  S t i b a l, Wintel free, powered by AthlonXP and Gentoo Linux.
<astib () giganet cz> Giganet.cz community network, Litomerice, Czech Republic
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBPndE8kWf4FKnBsR/AQLMhwf9ELNIudcau04VE/6USrnKhw2Z9rvXNeag
ekv8R3XbCPWRWjJnfL7QhP9ZjahvtQdTQEdfHjNlcPpKSKtPnaBLj8fOvTWAcuRe
D5MrlZzUxAdR6iuyn1QHDMomqlM16XUU9a2xzWplHvnyjSKwgfaUdM15XH4/7xJr
18tOp8ktCTaMaOureGcfmLggoMQwfVECVrR5BZ+NT4nFVewSXc8ewIPQ8Q1lAu4p
9LjEMosdy4cOPcktZnlMiOC4PbtUOwu7Vp4mRR/4Zo4DvZxZIHnexiQBS4n1xkzc
48O715KCgJ24LDtYctKfUVqzkrk2JpSMBh84FCs/Zo/ZEz2wxVfOLw==
=c7Uy
-----END PGP SIGNATURE-----




-------------------------------------------------------
This SF.net email is sponsored by: Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for? 
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: