[Snort-users] InlineDrop() issues with snort_inline
xendevid at ...11827...
Sun Apr 19 00:16:50 EDT 2009
I also verified that snort is receiving packets from iptables (from
ip_queue). I start snort as
snort_inline -k none -Q
My iptables rules are as follows:
iptables -A INPUT -p udp -j QUEUE
I confirmed that snort is receiving the incoming packets. I wish to drop
certain packets based on content by calling InlineDrop().
I have further verified that snort is calling the ipq_set_verdict(ipqh,
m->packet_id, NF_DROP, 0, NULL); function.
I also checked its return value to be non-negative.
Is there anything that I am missing? Do I need to add any additional rules
My understanding is that I can just use InlineDrop to dynamically drop
Thanks in advance!
On Sat, Apr 18, 2009 at 10:18 PM, Devdutt Patnaik <xendevid at ...11827...> wrote:
> Hi All,
> I am using InlineDrop() in my own custom preprocessor code.
> I need to drop certain packets using code in my preprocessor to implement
> an IPS like functionality.
> I setup snort_inline and it looks ok when I start it - it says "running in
> inline mode" etc.
> However, even after calls to InlineDrop(), the application still sees the
> We verified that the function is being called for each packet.
> Am I missing something in the setup or the usage of the function? Please
> let us know.