[Snort-users] "Adapter is in Passive Mode" Warning
rhuang.work at ...11827...
Wed Mar 6 18:01:59 EST 2013
I was playing with Snort rules and noticed the following doesn't work:
> reject ICMP any any -> $HOME_NET any (msg:"Shut this rule off, it works now"; sid:100000;)
> alert ICMP any any -> $HOME_NET any (msg:"Shut this rule off, it works now"; sid:100000;)
So I ran snort with the -T flag and noticed:
> WARNING: /usr/local/etc/snort/snort.conf(641) Adapter is in Passive Mode. Hence switching policy mode to tap.
Line 641 of snort.conf is where I tried to set policy to "inline" ("config policy_mode:inline").
Is there supposed to be a build flag to enable IPS capability on Snort? I looked at my FreeBSD ports options:
> # make showconfig
> ===> The following configuration options are available for snort-2.9.4_1:
> BARNYARD=on: Depend on Barnyard2
> DBGSNORT=off: Enable debugging symbols+core dumps
> FLEXRESP3=on: Enable flexible response on events (v3)
> GRE=on: Enable GRE support
> IPV6=on: IPv6 protocol
> LRGPCAP=off: Enable pcaps larger than 2GB
> MPLS=on: MPLS support
> NORMALIZER=on: Enable normalizer
> PERFPROFILE=on: Enable performance profiling
> PULLEDPORK=on: Depend on pulledpork
> REACT=on: Enable react
> SNORTSAM=off: Enable unofficial Snortsam patch
> SOURCEFIRE=on: Enable Sourcefire-specific build options
> TARGETBASED=on: Enable targetbased support
> ZLIB=on: Enable GZIP support
and couldn't seem to find any…