[Snort-users] IPS Inline Mode
erdem at ...16870...
Fri Jun 20 04:51:04 EDT 2014
I am new on Snort
I installed with guide and run IDS mode.
I have two problems.
Firstly, Snort handle only host machine packets. I write some rules example:
alert tcp any any -> any any (content:"www.facebook.com";msg:"Facebook
This rule works only machine which installed Snort. Other machines accesses
are not handled.
Other problem is Inline Mode.
I run with this command
snort --daq nfq -Q -c /etc/snort/snort.conf --daq-dir /usr/local/lib/daq
--daq-var device=eth0 -i eth0
Snort gives this error
ERROR: Can't initialize DAQ nfq (-7) - The nfq DAQ module does not support
interface or readback mode!
If I remove "-i eth0", Snort works but do not handle any packets
Thanks for replies
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users