Menu
▾
▴
[Snort-inline-users] Queued tcp packets not going through
|
From: Swaminathan S. <ssr...@cs...> - 2004-10-12 23:56:13
|
hi all
I am new to snort-inline or even snort. I have been trying to get snort
inline(version 2.2.0 build 30) work on my machine for a very basic setup.
I wanted all the packets in and out of my machine to go through snort
=20
so I setup my iptables with these 2 rules (only these 2 rules)
iptables -A INPUT -j QUEUE
iptables -A OUTPUT -j QUEUE
Then I start my snort inline as
snort_inline -Qvc /etc/snort-inline/snort_inline.conf -l /var/log/snort
=20
I see my icmp and udp packets get through but not none of my tcp sessions(I=
=20
tried web and ssh) are intiated. I don't even see SYN packets
=20
I have used the sample snort_inline config file available with the distribu=
tion=20
with some changes to turning on preprocessors
=20
What am I missing ?
=20
thanks=20
Swami
--=20
|
