Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort-2.9.4, daq 2.0.1 afpacket in inline mode snort fails to drop packets even when RULE is set to drop

From: Robert Greenhouse <rgreenhouse413 () gmail com>
Date: Thu, 15 Aug 2013 16:43:43 -0400
Hi,
snort-2.9.4, daq 2.0.1 afpacket in inline mode snort fails to drop packets even when RULE is set to drop?
We have our system setup to inline mode using afpacket (./snort --daq afpacket -i eth0:eth1).

Also have iptables configured to: 

iptables -I FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -I FORWARD -i eth1 -o eth0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

Why doesn’t snort drop the packet when the rule fires?

This is a major problem

Thanks,
Richard

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: