From: Murugavel T. <tmu...@gm...> - 2005-01-31 09:49:46

Hi

My question is: "Is it necessary to mark packets for snort-inline to process?"

iptables -t mangle -A FORWARD -p tcp -s <xxxxxx> --syn -m state --state NEW -j MARK --set-mark 1

regards
murugavel

On Mon, 31 Jan 2005 09:22:06 +0000, Victor Julien <vi...@nk...> wrote:
> Murugavel Thiruvengadam wrote:
> > Hi,
> >
> > We have to implement snort-inline without the ip_conntrack module.
> >
> > Is it possible?
> >
> > iptables -t mangle -A FORWARD -p tcp -s <xxxxxx> --syn -m state
> > --state NEW -j MARK --set-mark 1
> > iptables -t mangle -A FORWARD -p tcp -s <xxxxxxxxxx> -m state --state
> > ESTABLISHED -j MARK --set-mark 2
> > iptables -A FORWARD -s <xxxxxxx> -j QUEUE
> >
> > In the above rules ipt_state is using the ip_conntrack module.
> >
> > Is there any other way to modify the rules without ip_conntrack?
> >
> > Regards
> > Murugavel
>
> Hi Murugavel,
>
> You can just use:
>
> iptables -A FORWARD -j QUEUE
>
> This way you send all forwarded traffic to snort_inline, and you won't
> need ip_conntrack.
>
> Hope this helps,
>
> Regards,
> Victor

--
Regards
Muruga
"Success comes to the person who does today"