[Snort-users] Help needed with SNORT Inline
pj.netfilter at ...11827...
Wed Apr 14 01:51:48 EDT 2010
This is my first post to this mailing list, so please help me.

I have downloaded and installed Snort with inline functionality, as
well as all the dependencies required to make it work. I am using Debian 5.0
and have two LAN interfaces, which have been configured as a bridge. Now
traffic is passing through this system, and I could also start Snort as

/usr/local/bin/snort -Q -d -l /var/log/snort/ -c /etc/snort/snort.conf -s -D

I loaded the ip_queue module in the kernel and also send the traffic to Snort
with the following two iptables commands:

iptables -A INPUT -j QUEUE
iptables -A FORWARD -j QUEUE

Now I want to convert all alert rules to drop. As per the guide, I
found that oinkmaster can do this, and that we can also update the rules
from the Snort website.

Now my question is: when no connection can be made from the Snort
system because it is running in bridge mode, how will it update rules, and how
can I convert all rules to drop?

I want to reset all packets related to chat software like g-talk,
Yahoo Messenger ...

Please let me know where I am going wrong ...
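
Added example, not part of the original post and not Snort or oinkmaster code: one way to do the alert-to-drop conversion the post asks about locally on rule files that are already on the sensor, so it needs no network access. The function names, the `.bak` backup and the sample rules are assumptions made for illustration; `reject` is offered as an alternative action because in inline mode it also sends a TCP reset.

```python
import re
import shutil
import sys

# Snort 2.x inline rule actions that block traffic.
INLINE_ACTIONS = {"drop", "reject", "sdrop"}
# An active rule starts with the action followed by a protocol; lines that
# start with '#' (comments, disabled rules) never match.
_RULE = re.compile(r"^(\s*)alert(\s+(?:tcp|udp|icmp|ip)\s)")

def convert_rules(text, action="drop"):
    """Rewrite every active 'alert' rule to `action`; return (text, count)."""
    if action not in INLINE_ACTIONS:
        raise ValueError("unsupported action: %r" % action)
    out, count = [], 0
    for line in text.splitlines(keepends=True):
        new, n = _RULE.subn(lambda m: m.group(1) + action + m.group(2), line)
        count += n
        out.append(new)
    return "".join(out), count

def convert_file(path, action="drop"):
    """Convert one .rules file in place, keeping a .bak copy of the original."""
    with open(path, encoding="latin-1", newline="") as fh:
        original = fh.read()
    converted, count = convert_rules(original, action)
    if count:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", encoding="latin-1", newline="") as fh:
            fh.write(converted)
    return count

# Constructed sample, not taken from any real rule set.
SAMPLE = '''\
var HOME_NET any
alert tcp $HOME_NET any -> any 5222 (msg:"EXAMPLE chat login"; sid:1000001; rev:1;)
# alert tcp any any -> any 5050 (msg:"EXAMPLE disabled"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE alert udp in msg"; sid:1000003; rev:1;)
pass tcp any any -> any 22 (msg:"EXAMPLE pass"; sid:1000004; rev:1;)
'''

if __name__ == "__main__":
    # Usage (hypothetical script name): python alert2drop.py /etc/snort/rules/*.rules
    for rules_path in sys.argv[1:]:
        print(rules_path, convert_file(rules_path))
```

Disabled rules, variables and `pass` rules are left untouched, and the converted actions only block traffic when Snort runs inline with `-Q`, as in the command above.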