Is snort-inline working correctly? When I run these, it just seems to
drop all packets:
iptables -A INPUT -j QUEUE
snort -QDc /etc/snort/snort.conf
I downloaded the latest rules from snort, so maybe something is
missing from my config, but I've searched and searched, and had no
On Fri, Sep 3, 2010 at 10:42 AM, Bradlee Landis <bradleelandis@...> wrote:
> Is snort-inline working correctly?
It looks like it's probably not working correctly, but I don't know
for sure. It gives me this
# snort -Qc /etc/snort/snort.conf -N -A console
Enabling inline operation
Running in IDS mode
== CUT ==
*** interface device lookup found: bond0
Initializing Network Interface bond0
Decoding Ethernet on interface bond0
== CUT ==
Not Using PCAP_FRAMES
So it says inline, but it also says using bond0, which it shouldn't
have to initialize on an interface since it is getting the packets
from iptables, right?
It works without a QUEUE target in iptables, which is not what I was expecting.
Anyways, any help would be appreciated.
Get latest updates about Open Source Projects, Conferences and News.