Menu
▾
▴
Re: [Snort-inline-users] Please help me
|
From: Will M. <wil...@gm...> - 2004-10-19 14:35:11
|
try modprobe iptable_nat modprobe ip_conntrack and then re-run snort_inline. Regards, Will On Tue, 19 Oct 2004 18:25:03 +0530, Yogdutt Sonivadia <son...@gm...> wrote: > Hi, > > I am new to this group and also new to snort_inline. I am using > snort_inline-2.2.0 and it's compiled for inline mode while configuring > I have provide --enable-inline option. Also installed the iptables > userspace utilities(libipq). > > I have tested a simple icmp drop rule as below, > > drop icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP ping > packets dropped";) > > I have some doubts in snort_inline please help me to clear them. > > 1) May I have to recompile my kernel for using snort_inline? > > 2) For using the snort_inline is it necessory to use honeynet? > > 3) Please prompt me if I am wrong, I am using snort_inline for > filtering purpose. I have added only one iptables rule as, > > iptables -A INPUT -p tcp --sport 80 -j QUEUE > > and a simple rule in local.rules file as, > > alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"Packet from ip_queue"); > > and then i run the snort_inline, > > snort_inline -Qdvc /etc/snort_inline.conf -l /var/log/snort > > After running snort_inline I started to browse the internet but the > site is not loaded. > > please tell me what is going wrong. > > Thanking you in advance. > > -- Yogdutt Sonivadia > > ------------------------------------------------------- > This SF.net email is sponsored by: IT Product Guide on ITManagersJournal > Use IT products in your business? Tell us what you think of them. Give us > Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more > http://productguide.itmanagersjournal.com/guidepromo.tmpl > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > |
