List,

I have released snort_inline-2.4.4-RC5 which can be downloaded from
the following url:

http://snort-inline.sourceforge.net/download.html

We changed a lot of things between 2.4.3-RC4 and 2.4.4-RC5 so please
play with and break it if you can ;-). As a side note, I will be
teaching a class on snort_inline for the local Kansas City snort users
group. If anyone from the snort_inline-users list is interested let
me know, it looks like it will end up being about two days' worth of
material.

Regards,
Will

Here is a list o' things that have changed in this release...

Nick added Reinject rule action for IPFW (see snort_inline.conf).

Dave added a fix for stuck packets under high load for NFQUEUE.

Added support for stripping HTTP headers out of packet payloads for
ClamAV; no, we do not yet support chunked or gzip encoding so don't ask
;-).

Removed support for buffer scanning using ClamAV; we now only support
scanning via file-descriptor-mode. If you defined
file-descriptor-mode for clamav in your snort_inline.conf before, you
must now remove it.

Added fix for the condition where, when ClamAV alerted and was followed
by an alert in snort, packet contents could not be logged.

Added new rule actions rejectsrc (same as reject), rejectdst, and
rejectboth (README.INLINE). It should be noted that rejectdst will not
work in combination with layer2resets as iptables only passes us the
src mac; if this is the condition the packet will be dropped but no
reset will be sent.

Victor added experimental support for saving the stream4 state table
to disk at exit; this allows you to preserve already established
sessions with stream4 and enforce_state enabled (see
snort_inline.conf).