[Snort-users] Setting Snort policy_mode

Ricky Huang rhuang.work at ...11827...
Tue Mar 5 20:25:35 EST 2013

On Mar 5, 2013, at 4:04 PM, Ricky Huang <rhuang.work at ...11827...> wrote:

> […]
> While I understand how to start snort by hand and passing in -Q or --enable-inline-test, I would like to use /etc/rc.d/ script to start up Snort on boot up.  Do I add config policy_mode:(inline | tap | inline_test) in the snort.conf file?  Do I have to modify the rc.d script to add in the command line arguments?  Or…?

Upon further reading I found the answer to my question here: http://manual.snort.org/node16.html#SECTION00313100000000000000

policy_mode is added to snort.conf.

I have a follow-up question, the config file provided by snort.org contains no such key/field (http://labs.snort.org/snort/2940/snort.conf), does it by default start in "tap" mode?  (I am guessing it does…).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130305/78c4d25b/attachment.html>

More information about the Snort-users mailing list