From: Hess, B. <ben...@te...> - 2004-01-22 18:32:16
I was wondering if anyone had any idea about the following error when running snort-inline on FreeBSD?

IpfwLoop: can't create divert socket: Protocol not supported

Thank you for your assistance in this matter.

Benjamin Hess
Sr. Systems Engineer
Technology Alliance Group
(480)778-2400

*************************************************************
This e-mail and any files transmitted with it may
contain confidential and/or proprietary information.
It is intended solely for the use of the individual
or entity who is the intended recipient.
Unauthorized use of this information is prohibited.
If you have received this in error, please contact
the sender by replying to this message and delete
this material from any system it may be on.
*************************************************************

-----Original Message-----
From: Hess, Ben
Sent: Tuesday, January 13, 2004 12:44 PM
To: 'Rob McMillen'; sno...@li...
Subject: RE: [Snort-inline-users] Snort Inline on FreeBSD

I have the ipfw setup with a divert command that seems to be working properly, but when I attempt to initiate snort_inline it comes back with:

IpfwLoop: can't create divert socket: Protocol not supported

As soon as I can get a working product I will copy a rc.firewall file to the list for others to use.

Benjamin Hess
Sr. Systems Engineer
Technology Alliance Group
(480)778-2400

-----Original Message-----
From: Rob McMillen [mailto:rv...@ca...]
Sent: Monday, January 12, 2004 7:02 PM
To: sno...@li...
Subject: Re: [Snort-inline-users] Snort Inline on FreeBSD

Great! A volunteer to test out beta code. I've actually included some code that was provided to work on FreeBSD with ipfw and divert. If you know how to set up a divert socket and rules, you can use snort_inline.

Warning!!! This has not been tested before. You would be the first, and feedback would be great!!

You can compile it as follows:

    ./configure --enable-ipfw --with-mysql
    make
    make install

The -J <port> uses ipfw divert socket <port> to listen on vice libpcap (FreeBSD only).

If you have the time, a script to automatically set up the ipfw firewall for use with snort_inline would be great!

Rob

On Mon, 12 Jan 2004, Hess, Ben wrote:

> Hello,
> I am attempting to get snort-inline compiled and running on
> FreeBSD. I was wondering if I am able to use the built-in ipfw or if I have
> to install IPTables? Also, if I can use ipfw, then what switch do I need to
> add to the configure command to make it work? For when I run ./configure
> -enable-inline -enable-mysql it errors out saying that the libipq.h is
> missing.
>
> Thank you for all of your help,
>
> Benjamin Hess
> Sr. Systems Engineer
> Technology Alliance Group
> (480)778-2400
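The divert socket that `-J <port>` refers to, as an added example (not snort_inline's code and not posted by anyone in this thread): a minimal FreeBSD divert(4) pass-through loop in C. Port 8000 and the function names are assumptions; "Protocol not supported" is EPROTONOSUPPORT from socket(), which on FreeBSD of this era typically means the kernel was built without `options IPDIVERT`.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef IPPROTO_DIVERT
#define IPPROTO_DIVERT 254 /* FreeBSD's value; fallback so this builds elsewhere */
#endif

/* Map errno from socket()/bind() on a divert socket to its likely cause. */
const char *divert_hint(int err) {
    switch (err) {
    case EPROTONOSUPPORT: return "kernel lacks divert support (options IPDIVERT)";
    case EPERM: case EACCES: return "divert sockets require root";
    default: return strerror(err);
    }
}

/* A divert socket binds to a port only; the address part stays zero. */
struct sockaddr_in divert_addr(unsigned short port) {
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    return sin;
}

/* Read each diverted packet and write it back unchanged (verdict: pass). */
int divert_loop(unsigned short port) {
    static unsigned char pkt[65535];
    struct sockaddr_in sin = divert_addr(port), from;
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
        fprintf(stderr, "divert port %u: %s\n", (unsigned)port, divert_hint(errno));
        if (fd >= 0) close(fd);
        return -1;
    }
    for (;;) {
        socklen_t flen = sizeof from;
        ssize_t n = recvfrom(fd, pkt, sizeof pkt, 0, (struct sockaddr *)&from, &flen);
        /* An inline IDS inspects pkt here; a packet not written back is dropped. */
        if (n < 0 || sendto(fd, pkt, n, 0, (struct sockaddr *)&from, flen) < 0) break;
    }
    close(fd);
    return -1;
}

int main(void) { return divert_loop(8000) ? 1 : 0; } /* port 8000 is an assumed value */
```

Packets reach the loop only when an ipfw divert rule points at the same port number that the socket is bound to.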