[Snort-inline-users] snort-inline with out ip_conntrack

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

We have to implement snort-inline without ip_conntrack module.

Is it possible?

iptables -t mangle -A FORWARD -p tcp -s <xxxxxx> --syn -m state
--state NEW -j MARK --set-mark 1
iptables -t mangle -A FORWARD -p tcp -s <xxxxxxxxxx>  -m state --state
ESTABLISHED -j MARK --set-mark 2
iptables -A FORWARD -s <xxxxxxx>  -j QUEUE

In the above rule ipt_state using ip_conntrack module. 

Is there any other way to modify the rule without ip_conntack?

Regards
Murugavel

-- 

Regards
Muruga>>----le>
 "Success comes to the person who does today"