Re: [Devil-Linux-discuss] Snort Inline

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Fri, Sep 3, 2010 at 10:42 AM, Bradlee Landis <bra...@gm...> wrote:
> Is snort-inline working correctly?

It looks like it's probably not working correctly, but I don't know
for sure. It gives me this

  # snort -Qc /etc/snort/snort.conf -N -A console
  Enabling inline operation
  Running in IDS mode
  == CUT ==
  *** interface device lookup found: bond0
  ***
  Initializing Network Interface bond0
  Decoding Ethernet on interface bond0
  == CUT ==
  Not Using PCAP_FRAMES

So it says inline, but it also says using bond0, which it shouldn't
have to initialize on an interface since it is getting the packets
from iptables, right?

It works without a QUEUE target in iptables, which is not what I was expecting.

Anyways, any help would be appreciated.

-- 
Thanks,
Brad Landis