[Snort-devel] Snort forwarding/redirecting traffic based on alert

Joel Esler jesler at ...402...
Thu Oct 4 09:38:46 EDT 2012

On Oct 3, 2012, at 6:46 PM, Mr. Qoheleth <qoheleth26 at ...2499...> wrote:

> I am relatively new to Snort and wanted to do some development using Snort.  My goal is to put Snort in-line with the network as an IPS.  I would like to forward (or re-direct) traffic matching pre-set rules to a certain computer or IP (say honeypot address or something like that) and then traffic that does not meet any of my alert rules, I would like to direct it to a different system (say another system handling my external routing out of the network.)  Do you know of a way to accomplish this?
> i.e. Is there a way, using Snort to inspect network traffic and re-direct traffic based on various alert/rules/signatures?
> Thank you sooo much for your expertise!  

I don't know if the project is still active (last update appears to be 2009) but Honeywall did this:


Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20121004/36033c1c/attachment.html>

More information about the Snort-devel mailing list