Menu
▾
▴
Re: [Snort-inline-users] snort_inline on Hp-ux? (was: Re: Snort-inline-users digest, Vol 1 #222 - 1 msg)
|
From: Nick R. <ni...@ro...> - 2004-09-12 02:18:39
|
On Fri, 3 Sep 2004, Victor Julien wrote: > Hi Prabu, > > I don't know if it can work, but a quick search in Google tells me Hp-ux is > using IPFW, which Snort_inline supports. So i would say, give it a go and > post errors, problems or success stories to the snort_inline-users > mailinglist. We will try to assist you where possible. > > Be sure to use ./configure --enable-ipfw when building... > > If someone knows that this can't work for some reason, please correct me! IPFW support in snort-inline is built specifically for FreeBSD. The name ipfw is deceiving because it is short for ip firewall, which is used as a generic name for several firewalls (including one for HP-UX). Specifically, you need divert sockets in conjunction with IPFW for anything to work right, which is a FreeBSD thing. The only OS I know works with IPFW is FreeBSD, although other OSs with divert socket support could work. IPFW is just the tool to send packets to a divert socket (kernel->snort_inline), i.e. it is more important that you have divert sockets support than IPFW. In fact, you could write an app that sends packets from the BPF (or the like) to a divert socket (snort_inline) and bypass IPFW all together...although it would defeat the purpose ;-) So I would take a guess that it won't work. Sorry. Nick Rogness <ni...@ro...> - How many people here have telekenetic powers? Raise my hand. -Emo Philips |
