Snort mailing list archives

Re: snort inline behavior


From: "/dev/null" <dev.null () BeginThread com>
Date: Wed, 26 Nov 2003 02:31:11 -0600

Update:  I set up a local machine the same way (-j ACCEPT to -j QUEUE,
running snort_inline).  Same problem.  I watched everything coming into the
firewall like normal (I have some logging in the firewall), but no traffic
actually went anywhere; all connections to and through the box died.

I changed my iptables to -j accept_queue (a newly created empty chain)
instead of -j QUEUE and then appended -j QUEUE and -j ACCEPT to
accept_queue.  Reloaded the iptables rules.  Didn't do a thing any
different.  My reasoning here is that perhaps packets that go to QUEUE only
get DROPed/REJECTed by snort_inline, but it doesn't actually ACCEPT anything
(that way multiple apps can read QUEUE and drop as appropriate).

So it appears that anything that goes down QUEUE never goes anywhere and
never does anything, even with snort_inline running.

Any ideas?

Thanks!


