[Snort-users] Snort inline with pf

Huzeyfe ONAL huzeyfe.onal at ...11827...
Mon Oct 15 10:53:07 EDT 2007


I didn't try but there's a user space packet queueing patch for OpenBSD.

> http://www.openbeer.it/?open=pq.



Victor Julien wrote:
> Алексей Кудрявцев wrote:
>   
>> Hi !!! Please help me with my question. How i can run Snort in inline
>> mode with pf ? 
>>   
>>     
> No you can't, as pf does not support divert sockets. You can use FreeBSD
> with ipfw or Linux. Otherwise you may want to have a look at snortsam
> and Snort in IDS mode with active responses enabled.
>
> Cheers,
> Victor
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20071015/f6a32bf3/attachment.html>


More information about the Snort-users mailing list