[Snort-devel] snort inline mode and bridge

Vincent Li vincent.mc.li at ...2499...
Fri Oct 14 13:16:03 EDT 2016


that is good idea, I definitely will try.

On Thu, Oct 13, 2016 at 8:26 PM, Y M <snort at ...3347...> wrote:
> Hello Vincent,
>
>
> I haven't tried this before, but when building Snort, there is this build
> option:
>
>
> "--enable-inline-init-failopen  Enable Fail Open during initialization for
> Inline Mode (adds pthread support implicitly)"
>
>
> Have you tried this? I would be interested to know if this achieves what you
> need.
>
>
> YM
>
> ________________________________
> From: Vincent Li <vincent.mc.li at ...2499...>
> Sent: Friday, October 14, 2016 1:59:05 AM
> To: snort-devel at lists.sourceforge.net
> Subject: [Snort-devel] snort inline mode and bridge
>
> Hi,
>
> I am running snort in IPS afpacket inline mode (-i eth0:eth1) on a
> lower end PC between my ISP modem and my home router in  my home
> network. I use pulledpork to update signatures daily. I noticed that
> if snort needs to be restarted ( I have not test reload on ubuntu
> 16.04 with systemd) to take the new signatures, during the restart
> period, my home Internet is down for a few minutes because it took too
> long for snort to load these rules on the lower end PC, my
> understanding is that snort maintain the bridge in inline mode, if
> snort is still processing rules during restart, the bridge is down and
> no Internet access.
>
> so my question is, is it possible to maintain the bridge up even
> during snort restart, or set the bridge up early in snort startup
> before loading rules....
>
> or can I  create the bridge by Linux and let snort sniffing on the
> bridge interface like -i br0 in IPS inline mode?
>
> any input would be helpful.
>
> Thanks
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!




More information about the Snort-devel mailing list