[Snort-users] Setting Snort policy_mode

Ricky Huang rhuang.work at ...11827...
Tue Mar 5 19:04:59 EST 2013


Hello all,

In the Snort manual, section "1.9.4 Specifying Multiple-Instance Identifiers" (http://manual.snort.org/node11.html#SECTION00295000000000000000), it describes Snort's Inline, Passive and Inline-Test mode and to start the three modes in the following manner, respectively:
> 
> snort -Q
> config policy_mode:inline
> 
> config policy_mode:tap
> 
> snort --enable-inline-test
> config policy_mode:inline_test
> 

While I understand how to start snort by hand and passing in -Q or --enable-inline-test, I would like to use /etc/rc.d/ script to start up Snort on boot up.  Do I add config policy_mode:(inline | tap | inline_test) in the snort.conf file?  Do I have to modify the rc.d script to add in the command line arguments?  Or…?


Thanks!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130305/954796e4/attachment.html>


More information about the Snort-users mailing list