[Snort-users] react when running daq nfq inline
dserfez at ...11827...
Tue Mar 6 15:29:05 EST 2012
trying to run snort (22.214.171.124) in inline mode with nfq as daq type,
iptables FORWARD chain configured with NFQUEUE target, the packets are
analyzed, allowed ones pass, but when rule contains the 'react' option;
- alert is logged
- packet seem dropped (tcp retransmisions from client)
- the html (default nor configured) is sent back to the client.
When snort is stopped, the "Packet I/O Totals:" shows that there were
injected packets, but capturing on ethernet interfaces does not snow any
of the alleggedly injected packets.
I couldn't find any helpful informationin the documentation.
Anyone willing to help with a piece of wisdom and knowledge?
More information about the Snort-users