From: Yogdutt S. <son...@gm...> - 2004-10-19 12:55:05
Hi,

I am new to this group and also new to snort_inline. I am using snort_inline-2.2.0, and it is compiled for inline mode; while configuring I provided the --enable-inline option. I have also installed the iptables userspace utilities (libipq). I have tested a simple icmp drop rule as below:

    drop icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP ping packets dropped";)

I have some doubts about snort_inline; please help me to clear them.

1) Do I have to recompile my kernel to use snort_inline?

2) Is it necessary to use honeynet in order to use snort_inline?

3) Please correct me if I am wrong. I am using snort_inline for filtering purposes. I have added only one iptables rule:

    iptables -A INPUT -p tcp --sport 80 -j QUEUE

and a simple rule in the local.rules file:

    alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"Packet from ip_queue");

and then I run snort_inline:

    snort_inline -Qdvc /etc/snort_inline.conf -l /var/log/snort

After running snort_inline I started to browse the internet, but the site does not load. Please tell me what is going wrong.

Thanking you in advance.

--
Yogdutt Sonivadia