Snort mailing list archives

Re: snort inline mode and bridge


From: Y M <snort () outlook com>
Date: Fri, 14 Oct 2016 03:26:12 +0000

Hello Vincent,


I haven't tried this before, but when building Snort, there is this build option:


"--enable-inline-init-failopen  Enable Fail Open during initialization for Inline Mode (adds pthread support implicitly)"


Have you tried this? I would be interested to know if this achieves what you need.


YM

________________________________
From: Vincent Li <vincent.mc.li () gmail com>
Sent: Friday, October 14, 2016 1:59:05 AM
To: snort-devel () lists sourceforge net
Subject: [Snort-devel] snort inline mode and bridge

Hi,

I am running snort in IPS afpacket inline mode (-i eth0:eth1) on a
lower end PC between my ISP modem and my home router in my home
network. I use pulledpork to update signatures daily. I noticed that
if snort needs to be restarted (I have not tested reload on Ubuntu
16.04 with systemd) to take the new signatures, during the restart
period, my home Internet is down for a few minutes because it took too
long for snort to load these rules on the lower end PC. My
understanding is that snort maintains the bridge in inline mode; if
snort is still processing rules during restart, the bridge is down and
there is no Internet access.

So my question is, is it possible to keep the bridge up even
during snort restart, or set the bridge up early in snort startup
before loading rules....

Or can I create the bridge by Linux and let snort sniff on the
bridge interface like -i br0 in IPS inline mode?

Any input would be helpful.

Thanks

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!