[Snort-users] Setting Snort policy_mode
rhuang.work at ...11827...
Tue Mar 5 19:04:59 EST 2013
In the Snort manual, section "1.9.4 Specifying Multiple-Instance Identifiers" (http://manual.snort.org/node11.html#SECTION00295000000000000000), it describes Snort's Inline, Passive and Inline-Test mode and to start the three modes in the following manner, respectively:
> snort -Q
> config policy_mode:inline
> config policy_mode:tap
> snort --enable-inline-test
> config policy_mode:inline_test
While I understand how to start snort by hand and passing in -Q or --enable-inline-test, I would like to use /etc/rc.d/ script to start up Snort on boot up. Do I add config policy_mode:(inline | tap | inline_test) in the snort.conf file? Do I have to modify the rc.d script to add in the command line arguments? Or…?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users