[Snort-users] "Adapter is in Passive Mode" Warning
rhuang.work at ...11827...
Fri Mar 8 03:17:01 EST 2013
On Mar 6, 2013, at 3:01 PM, Ricky Huang <rhuang.work at ...11827...> wrote:
> Hi all,
> I was playing Snort rules and noticed the following doesn't work:
>> reject ICMP any any -> $HOME_NET any (msg:"Shut this rule off, it works now"; sid:100000;)
>> alert ICMP any any -> $HOME_NET any (msg:"Shut this rule off, it works now"; sid:100000;)
> works fine.
> So I ran snort with -T flag and noticed:
>> WARNING: /usr/local/etc/snort/snort.conf(641) Adapter is in Passive Mode. Hence switching policy mode to tap.
> Line 641 of snort.conf is where I tried to set policy to "inline" ("config policy_mode:inline").
> Is there supposed to be a build flag to enable IPS capability on Snort? I looked at my FreeBSD ports option:
>> # make showconfig
>> ===> The following configuration options are available for snort-2.9.4_1:
>> BARNYARD=on: Depend on Barnyard2
>> DBGSNORT=off: Enable debugging symbols+core dumps
>> FLEXRESP3=on: Enable flexible response on events (v3)
>> GRE=on: Enable GRE support
>> IPV6=on: IPv6 protocol
>> LRGPCAP=off: Enable pcaps larger than 2GB
>> MPLS=on: MPLS support
>> NORMALIZER=on: Enable normalizer
>> PERFPROFILE=on: Enable performance profiling
>> PULLEDPORK=on: Depend on pulledpork
>> REACT=on: Enable react
>> SNORTSAM=off: Enable unofficial Snortsam patch
>> SOURCEFIRE=on: Enable Sourcefire-specific build options
>> TARGETBASED=on: Enable targetbased support
>> ZLIB=on: Enable GZIP support
> and couldn't seem to find any…
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users