[Snort-users] Question for the Guru's
john at ...15436...
Wed Nov 16 18:02:40 EST 2011
>> Yes Snort does the bridging.
>> You do not create a bridge as daq does that for you. I simply (after
>> asking the same question) added this into snort.conf:
>> config daq: afpacket
>> config daq_dir: /usr/lib64/daq
>> config daq_mode: inline
>> config daq_var: buffer_size_mb=256
>> Where you spec eth0:eth1 ( or whatever) can be distro specific.
>> I would imagine using NFQ would offer more control via iptables but have
>> yet to push down that road. Af-packet works well.
> Thanks Bill! I'm off in the right direction!
Thanks again Bill for the boot in the right direction!
Ubuntu 10.04 LTS is working great with 184.108.40.206 using afpacket.
Drops packets wonderfully where told to do so : ]]
I guess someone needs (possibly me) to toss something to the
snort-team at ...1935... for an inline config doc.