[Snort-users] Snort in Inline Mode on CentOS 6.3

Y M snort at ...15979...
Wed Feb 6 10:28:08 EST 2013

You will need 3 interfaces. Two will be in transparent mode and the third will be used for management. When you run Snort in inline mode, you would use, for example: -i eth0:eth1, or the bridge if you will be using a bridge and eth3 for management.

From: Okeowo, Ayo<mailto:gadmin at ...16076...>
Sent: ‎2/‎6/‎2013 6:22 PM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: [Snort-users] Snort in Inline Mode on CentOS 6.3

Hello Folks,

Has anyone successfully setup Snort 2.9.4 on CentOS 6.3 with functioning
IPS(Inline Mode) using 2 interfaces (1 for sniffing traffic and 2nd for

I'm having a few issues, although I haven't sat down to address it yet due
to my day job sucking my time. The first issue is, if I use 1 interface and
put Snort to Inline Mode, my drop rules don't work. Second, if I use 2
interfaces, both Alert and Drop rules cease to work and I get nothing on

Any insight to this issue will be appreciated. Like I said I haven't sat
down to troubleshoot this issue but your response will help.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130206/d44c5ad4/attachment.html>
-------------- next part --------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013 
and get the hardware for free! Learn more.
-------------- next part --------------
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list