Honeypots mailing list archives
snort-inline
From: Ales Stibal <astib () giganet cz>
Date: Tue, 18 Mar 2003 16:36:24 +0100
Hello list,

I have a big problem running snort-inline on a single host. I wanted my box to be protected by snort-inline, but I failed to do so. I tried to run various kernels; the only one that seems to allow snort to do its job on QUEUE is vanilla 2.4.20 (recently I tried the same versions, but with Gentoo patches, including P-O-M of netfilter).

I am running these iptables commands:

    iptables -A INPUT -d $ETH0_IP -m state --state ESTABLISHED,RELATED -j QUEUE
    # FIXME: the line below seems obsolete to me ... (unreachable)
    iptables -A INPUT -d $ETH0_IP -m state --state ESTABLISHED,RELATED -j ACCEPT

With this rule, packets successfully fall to QUEUE and are detected by snort_inline (it's shown when using the -v flag), but nothing is passed through.

Any help is more than welcome, I am running out of new ideas.

Thanx in advance!

RIP, Astib();

--
A l e s S t i b a l, Wintel free, powered by AthlonXP and Gentoo Linux.
<astib () giganet cz>
Giganet.cz community network, Litomerice, Czech Republic
Current thread:
- snort-inline Ales Stibal (Mar 18)
- Re: snort-inline Rob McMillen (Mar 18)