[Snort-users] Basics of setting up an inline snort installation
bigdavekelly at ...14012...
Wed Feb 8 10:03:56 EST 2012
I'm going to try setting up a new inline configuration, I've only
tried passive before but would like Snort to be able to drop packets
it says are bad. I'm trying to work out the IP addressing for it. At
the moment, I have all my machines in 192.168.1.0/24 with a router at
192.168.1.1 and a mirrored port on the switch sending all traffic to
It's pretty similar to the Ubuntu getting started guide in the docs
("Snort 126.96.36.199 on Ubuntu 10.04 LTS").
I think that to move snort to inline I'm going to need to give it a
proper IP address and have the traffic pass through it but I can't
quite work out how to do that without reconfiguring all the hosts to
have new gateway addresses etc. Any hints to get me going would be
More information about the Snort-users