[Snort-users] Help needed with SNORT Inline

Piyush Joshi pj.netfilter at ...11827...
Wed Apr 14 01:51:48 EDT 2010


Dear All,

This is my first post to this mailing list, so please help me ....

I have downloaded and installed snort with inline functionality as
well as all dependencies required to make it work. I am using Debian 5.0
and have two LAN interfaces which have been configured as a bridge. Now
traffic is passing through this system and I could also start snort as
follows:

/usr/local/bin/snort  -Q -d -l /var/log/snort/ -c /etc/snort/snort.conf -s -D


I loaded the ip_queue module in the kernel and sent the traffic to snort
with the following two iptables commands:

iptables -A INPUT -j QUEUE
iptables -A FORWARD -j QUEUE

Now I want to convert all alert rules to drop, and as per the guide
I found that oinkmaster can do this, and that we can also update the rules
from the snort website ..

Now my question is: when no connection can be made from the snort
system because it is running in bridge mode, how will it update rules, and how
can I convert all rules to drop ..

I want to reset all packets related to chat software like g-talk,
yahoo messenger ...

Please let me know where I am going wrong ...

Thanks Regards

 Piyush Joshi
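
Added example, not part of the original post: one way to rewrite the action of rule files that are already on disk from alert to drop, locally and without any network access from the bridge. The function names and the sample rules are constructed for illustration, and the rules are assumed to be plain-text Snort rules with one rule per line.

```shell
#!/bin/sh
# Constructed sample rules for illustration (not taken from any real ruleset).
sample_rules() {
cat <<'EOF'
alert tcp $HOME_NET any -> $EXTERNAL_NET 5222 (msg:"CONSTRUCTED chat login"; sid:1000001; rev:1;)
# alert tcp any any -> any 5050 (msg:"CONSTRUCTED disabled rule"; sid:1000002; rev:1;)
pass tcp any any -> any 22 (msg:"CONSTRUCTED pass rule"; sid:1000003; rev:1;)
  alert udp any any -> any 53 (msg:"CONSTRUCTED contains the word alert"; sid:1000004; rev:1;)
EOF
}

# Rewrite only the rule action: "alert" as the first token of an active rule.
# Commented-out rules, other actions (pass, log, ...) and the word "alert"
# inside msg strings are left untouched. Reads rules on stdin, writes stdout.
# Note: the drop action only blocks traffic when snort runs inline (-Q).
alert_to_drop() {
    sed -E 's/^([[:space:]]*)alert([[:space:]]+)/\1drop\2/'
}

# Count active (uncommented) rules on stdin whose action is $1.
count_action() {
    grep -Ec "^[[:space:]]*$1[[:space:]]" || true
}

# Hypothetical wrapper: convert every *.rules file in a directory, keeping
# a .bak copy of each original so the change can be reviewed or reverted.
convert_rules_dir() {
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        cp -p "$f" "$f.bak"
        alert_to_drop < "$f.bak" > "$f"
    done
}

# Show the effect on the constructed sample.
sample_rules | alert_to_drop
```

After converting, comparing `count_action alert` and `count_action drop` on each file against its `.bak` copy confirms that only active alert rules changed.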



