From: Nick R. <ni...@ro...> - 2004-01-28 09:02:57
> I was wondering if anyone had any idea about the following error when
> running snort-inline on FreeBSD?
> IpfwLoop: can't create divert socket: Protocol not supported

This is because you didn't build your kernel with:

options IPDIVERT

The default (GENERIC) kernel doesn't support divert sockets. You MUST build a new kernel. See the FreeBSD handbook for more information on building a kernel.

In fact, to use snort-inline with FreeBSD you should build a kernel with (at minimum):

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPDIVERT

The version of snort-inline which this was designed for was the 4.X branch of FreeBSD. Because of the drastic changes in the 5.X branch, much more testing is needed.

Also for you FreeBSD folks, I have not tested this with IPFW2. Everything should work but it's not tested. I will try to do more testing and patching (if needed) sometime in the near future, including submitting this to the ports collection.

On another note, has anyone asked the PF and IPF authors if there are similar methods in their firewalls to get packets out of firewall hooks? An interface API or equivalent?

> Thank you for your assistance in this matter

Can you CC me directly in regard to this matter? I only get the digest messages which are kludgey to respond to.

Thanks.

--
Nick Rogness <ni...@ro...>
- How many people here have telekinetic powers? Raise my hand.
-Emo Philips
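Added example, not part of the message above or of snort-inline: a shell check that reports which of the three kernel options listed in the message are missing from a kernel config file before you rebuild. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Options the message lists as the minimum for snort-inline on FreeBSD.
REQUIRED_OPTS="IPFIREWALL IPFIREWALL_VERBOSE IPDIVERT"

# has_option FILE NAME: succeeds if FILE has an active "options NAME" line.
has_option() {
    # Strip comments first so "#options IPDIVERT" never counts, then compare
    # the exact name (IPFIREWALL must not be satisfied by IPFIREWALL_VERBOSE).
    # A "NAME=value" form is accepted as well.
    sed 's/#.*//' "$1" | awk -v want="$2" '
        $1 == "options" {
            split($2, kv, "=")
            if (kv[1] == want) found = 1
        }
        END { exit !found }'
}

# missing_options FILE: prints the required options FILE lacks, space separated.
missing_options() {
    missing=""
    for opt in $REQUIRED_OPTS; do
        has_option "$1" "$opt" || missing="${missing:+$missing }$opt"
    done
    printf '%s\n' "$missing"
}

# write_sample_config FILE: constructed sample config in which IPDIVERT is
# commented out, the situation that produces the divert socket error.
write_sample_config() {
    cat > "$1" <<'EOF'
machine   i386
ident     SNORTINLINE
options   INET                 # InterNETworking
options   IPFIREWALL_VERBOSE   # log matched packets
#options  IPDIVERT             # commented out: not active
options   IPFIREWALL
EOF
}

# Usage: sh thisfile <path to kernel config>
if [ $# -gt 0 ]; then
    out=$(missing_options "$1")
    if [ -n "$out" ]; then echo "missing: $out"; else echo "all present"; fi
fi
```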