From: anvin i. <av...@gm...> - 2011-02-24 08:54:21
I have tried to run Snort_inline in two methods with drop rules.
But I don't find any packets being dropped. What might be the problem?
[root@testpc ~]# snort_inline -c /etc/snort_inline/snort_inline.conf -l
/var/log/snort_inline/ -A console -i eth0
Running in IDS mode
Initializing Network Interface eth0
--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort_inline/snort_inline.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval: 0
| Hash Method: 2
| Memcap: 10485760
| Rows : 4099
| Overhead Bytes: 16400(%0.16)
`----------------------------------------------
Rule application order:
->activation->dynamic->drop->sdrop->reject->rejectboth->rejectsrc->rejectdst->alert->pass->log
Log directory = /var/log/snort_inline/
--== Initialization Complete ==--
,,_ -*> Snort_Inline! <*-
o" )~ Version 2.4.5 (Build 29)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2005 Sourcefire Inc., et al.
Snort_Inline Mod by William Metcalf, Victor Julien, Nick Rogness,
Dave Remien, Rob McMillen and Jed Haile
NOTE: Snort's default output has changed in version 2.4.1!
The default logging mode is now PCAP, use "-K ascii" to activate
the old default logging mode.
^C
===============================================================================
Snort received 769 packets
Analyzed: 769(100.000%)
Dropped: 0(0.000%)
===============================================================================
Breakdown by protocol:
TCP: 104 (13.524%)
UDP: 153 (19.896%)
ICMP: 0 (0.000%)
ARP: 307 (39.922%)
EAPOL: 0 (0.000%)
IPv6: 6 (0.780%)
ETHLOOP: 0 (0.000%)
IPX: 3 (0.390%)
FRAG: 0 (0.000%)
OTHER: 198 (25.748%)
DISCARD: 0 (0.000%)
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
TCP Stream Reassembly Stats:
TCP Packets Used: 9 (1.170%)
Stream Trackers: 4
Stream flushes: 0
Segments used: 0
Stream4 Memory Faults: 0
===============================================================================
Final Flow Statistics
,----[ FLOWCACHE STATS ]----------
Memcap: 10485760 Overhead Bytes 16400 used(%0.241756)/blocks (25350/51)
Overhead blocks: 1 Could Hold: (58579)
IPV4 count: 50 frees: 0
low_time: 1298537116, high_time: 1298537132, diff: 0h:00:16s
finds: 124 reversed: 0(%0.000000)
find_sucess: 74 find_fail: 50
percent_success: (%59.677419) new_flows: 50
Protocol: 6 (%7.258065)
finds: 9
reversed: 0(%0.000000)
find_sucess: 5
find_fail: 4
percent_success: (%55.555556)
new_flows: 4
Protocol: 17 (%92.741935)
finds: 115
reversed: 0(%0.000000)
find_sucess: 69
find_fail: 46
percent_success: (%60.000000)
new_flows: 46
Snort exiting
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[root@testpc ~]# snort_inline -c /etc/snort_inline/snort_inline.conf -Q -N
-l /var/log/snort_inline/ -t /var/log/snort_inline/ -v
Reading from iptables
Running in IDS mode
Initializing Inline mode
--== Initializing Snort ==--
Initializing Output Plugins!
Setting the Packet Processor to decode packets from iptables
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort_inline/snort_inline.conf
~~~~~~~~~~~~~~~~~~~~~
Rule application order:
->activation->dynamic->drop->sdrop->reject->rejectboth->rejectsrc->rejectdst->alert->pass->log
Log directory = /var/log/snort_inline/
--== Initialization Complete ==--
,,_ -*> Snort_Inline! <*-
o" )~ Version 2.4.5 (Build 29)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2005 Sourcefire Inc., et al.
Snort_Inline Mod by William Metcalf, Victor Julien, Nick Rogness,
Dave Remien, Rob McMillen and Jed Haile
NOTE: Snort's default output has changed in version 2.4.1!
The default logging mode is now PCAP, use "-K ascii" to activate
the old default logging mode.
Snort processed 0 packets.
============================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
Final Flow Statistics
,----[ FLOWCACHE STATS ]----------
Memcap: 10485760 Overhead Bytes 16400 used(%0.156403)/blocks (16400/1)
Overhead blocks: 1 Could Hold: (0)
IPV4 count: 0 frees: 0
low_time: 0, high_time: 0, diff: 0h:00:00s
finds: 0 reversed: 0(%0.000000)
find_sucess: 0 find_fail: 0
percent_success: (%0.000000) new_flows: 0
Snort exiting
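An added check, not part of the thread: in the second run snort_inline was started with `-Q` ("Reading from iptables"), so it only ever sees packets that an iptables QUEUE (or, in later builds, NFQUEUE) rule hands to userspace, and "processed 0 packets" is consistent with no such rule matching anything (the first run, on `-i eth0`, sniffs via libpcap and cannot drop). This POSIX shell helper parses `iptables -L -v -n` output for queue rules and their packet counters; the two listings are constructed samples, not output from the poster's machine.

```shell
#!/bin/sh
# Constructed sample listings (not from the post): one FORWARD chain with a
# QUEUE rule that has already matched traffic, one with no queue rule at all.
SAMPLE_QUEUED='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  769 61520 QUEUE      all  --  *      *       0.0.0.0/0            0.0.0.0/0'
SAMPLE_NO_QUEUE='Chain FORWARD (policy ACCEPT 12 packets, 960 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   960 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# queue_pkts LISTING
# Sum the packet counters of every QUEUE/NFQUEUE rule in an `iptables -L -v -n`
# listing; prints 0 when no rule sends packets to userspace.  The header and
# "Chain ..." lines never have a queue target in column 3, so they are skipped.
queue_pkts() {
    printf '%s\n' "$1" | awk '
        $3 == "QUEUE" || $3 == "NFQUEUE" { n += $1 }
        END { print n + 0 }'
}

# queue_rule_present LISTING
# Succeeds when at least one QUEUE/NFQUEUE rule exists, regardless of counters.
queue_rule_present() {
    printf '%s\n' "$1" | awk '$3 == "QUEUE" || $3 == "NFQUEUE" { f = 1 } END { exit !f }'
}

# check_queue LISTING
# Succeeds only when a queue rule exists AND has matched packets; prints a
# one-line diagnosis either way so the cause of "processed 0 packets" is clear.
check_queue() {
    if ! queue_rule_present "$1"; then
        echo "no QUEUE/NFQUEUE rule: snort_inline -Q will never receive a packet"
        return 1
    fi
    n=$(queue_pkts "$1")
    if [ "$n" -eq 0 ]; then
        echo "queue rule present but 0 packets matched: check chain and rule position"
        return 1
    fi
    echo "queue rule present, $n packets handed to userspace"
    return 0
}

# Stand-alone use: check_queue "$(iptables -L -v -n)"  (requires root).
```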