From: Victor J. <vi...@nk...> - 2005-01-31 08:17:56
Murugavel Thiruvengadam wrote:
> Hi,
>
> We have to implement snort-inline without the ip_conntrack module.
>
> Is it possible?
>
> iptables -t mangle -A FORWARD -p tcp -s <xxxxxx> --syn -m state --state NEW -j MARK --set-mark 1
> iptables -t mangle -A FORWARD -p tcp -s <xxxxxxxxxx> -m state --state ESTABLISHED -j MARK --set-mark 2
> iptables -A FORWARD -s <xxxxxxx> -j QUEUE
>
> In the above rules, ipt_state uses the ip_conntrack module.
>
> Is there any other way to modify the rules without ip_conntrack?
>
> Regards
> Murugavel

Hi Murugavel,

You can just use:

iptables -A FORWARD -j QUEUE

This way you send all forwarded traffic to snort_inline, and you won't need ip_conntrack.

Hope this helps,

Regards,
Victor
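As an added illustration of the exchange above (example code, not from the thread or from the snort_inline project), the script below audits a ruleset for matches that pull in ip_conntrack and emits the conntrack-free QUEUE rule Victor suggests, optionally keeping the source filter from the original rules. The sample ruleset is the one from the question with a constructed 192.0.2.0/24 network in place of the redacted address.

```shell
#!/bin/sh
# Added example: find iptables rules that depend on ip_conntrack and
# build the replacement that hands forwarded traffic to snort_inline.

# Constructed sample ruleset (the question's rules, placeholder network).
ORIG_RULES='iptables -t mangle -A FORWARD -p tcp -s 192.0.2.0/24 --syn -m state --state NEW -j MARK --set-mark 1
iptables -t mangle -A FORWARD -p tcp -s 192.0.2.0/24 -m state --state ESTABLISHED -j MARK --set-mark 2
iptables -A FORWARD -s 192.0.2.0/24 -j QUEUE'

# Print the rules (read from stdin) that need ip_conntrack: the state and
# conntrack matches load the module implicitly.
conntrack_dependent() {
    grep -E -- '-m (state|conntrack)( |$)|--ctstate'
}

# Count such rules in a ruleset string, so a config review can fail on it.
count_conntrack_dependent() {
    printf '%s\n' "$1" | conntrack_dependent | wc -l | tr -d ' '
}

# Build the conntrack-free replacement: a plain QUEUE rule in FORWARD,
# with the source filter kept when one is given (-s needs no conntrack).
queue_rules() {
    src="$1"
    if [ -n "$src" ]; then
        printf 'iptables -A FORWARD -s %s -j QUEUE\n' "$src"
    else
        printf 'iptables -A FORWARD -j QUEUE\n'
    fi
}

echo "Rules in the original set that require ip_conntrack:"
printf '%s\n' "$ORIG_RULES" | conntrack_dependent
echo "Replacement (no ip_conntrack needed):"
queue_rules
queue_rules 192.0.2.0/24
```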