[Snort-users] reject without being inline

Anthony Sheetz sheetzam at ...17060...
Wed Jan 14 15:15:38 EST 2015


We have a snort sensor on our network being fed packets using a mirror from
our switch. We'd like to be able to send RST packets using reject rules
without having the sensor inline with our Internet traffic. Is this
possible?

It seems like it should be possible to route RST packets generated by our
snort sensor out through our internet gateway without actually putting
snort in the packet stream, perhaps using iptables rules on the sensor to
rewrite them properly, or direct them out the correct ethernet port to the
gateway, rather than the mirror port.

Has anyone done this?
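The mechanics behind the question, as an added example that is not part of the original post and not Snort's own code: an out-of-band sensor that wants to tear down a session it saw on a mirror port has to craft two spoofed RST segments (one to each endpoint, each posing as the other, with a sequence number the endpoint will accept) and then push them out the gateway-facing NIC rather than the mirror NIC. Snort's reject/resp code does the crafting itself; the point here is what it must get right, and that the egress interface can be pinned with SO_BINDTODEVICE on a raw socket instead of relying on iptables rewriting. The "observed segment" and the interface name are constructed assumptions; sending needs Linux and CAP_NET_RAW, and the bound interface must have a route to the target.

```python
"""Craft the RST pair an out-of-band sensor sends, and emit it on a chosen NIC.
Added example, not Snort code. The observed segment below is constructed."""
import socket
import struct

TCP_FIN, TCP_SYN, TCP_RST = 0x01, 0x02, 0x04


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd length zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src, dst, sport, dport, seq, ack, flags) -> bytes:
    """Minimal IPv4+TCP segment (no options, no payload), both checksums set."""
    src_b, dst_b = socket.inet_aton(src), socket.inet_aton(dst)
    # TCP: data offset 5 words, window 0 (a reset carries no data), csum 0 for now.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 0, 0, 0)
    pseudo = struct.pack("!4s4sBBH", src_b, dst_b, 0, socket.IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    # IPv4: version 4, IHL 5, TTL 64, protocol TCP, checksum filled in second pass.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def rst_pair(seen: dict):
    """Build the two resets for an observed segment `seen` (a dict of fields).

    To the receiver of `seen` we pose as its sender: an in-window sequence
    number is the sender's next one, seen.seq + payload length (+1 for SYN/FIN).
    To the sender of `seen` we pose as the receiver: the sender's ACK field is
    exactly the next sequence number it expects, so use that.
    """
    adv = seen["payload_len"]
    adv += 1 if seen["flags"] & TCP_SYN else 0
    adv += 1 if seen["flags"] & TCP_FIN else 0
    to_receiver = build_ipv4_tcp(seen["src"], seen["dst"], seen["sport"], seen["dport"],
                                 (seen["seq"] + adv) & 0xFFFFFFFF, 0, TCP_RST)
    to_sender = build_ipv4_tcp(seen["dst"], seen["src"], seen["dport"], seen["sport"],
                               seen["ack"], 0, TCP_RST)
    return to_receiver, to_sender


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode the fields of a header-only IPv4+TCP segment (for checking)."""
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    return dict(src=src, dst=dst, sport=sport, dport=dport, seq=seq, ack=ack, flags=flags)


def checksums_ok(pkt: bytes) -> bool:
    """A correctly checksummed block re-sums to zero under RFC 1071."""
    ihl = (pkt[0] & 0x0F) * 4
    ip, tcp = pkt[:ihl], pkt[ihl:]
    pseudo = struct.pack("!4s4sBBH", ip[12:16], ip[16:20], 0, socket.IPPROTO_TCP, len(tcp))
    return checksum(ip) == 0 and checksum(pseudo + tcp) == 0


def send_out(pkt: bytes, iface: str) -> None:
    """Emit a raw packet through one specific interface (Linux, needs CAP_NET_RAW).
    IPPROTO_RAW implies IP_HDRINCL; SO_BINDTODEVICE pins the egress NIC so the
    reset leaves via the gateway link, not the mirror port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    s.setsockopt(socket.SOL_SOCKET, getattr(socket, "SO_BINDTODEVICE", 25), iface.encode())
    s.sendto(pkt, (socket.inet_ntoa(pkt[16:20]), 0))
    s.close()


# Constructed observed segment: a client PSH/ACK with 100 bytes, seen on the mirror.
OBSERVED = dict(src="10.0.0.5", dst="203.0.113.10", sport=51234, dport=80,
                seq=1000, ack=5000, flags=0x18, payload_len=100)

if __name__ == "__main__":
    for p in rst_pair(OBSERVED):
        print(parse_ipv4_tcp(p), "checksums ok:", checksums_ok(p))
        # send_out(p, "eth1")   # "eth1" = assumed gateway-facing NIC, not the mirror NIC
```

The same egress choice is what Snort 2.9's own active-response configuration exposes through `config response: device <iface>` in snort.conf (see the Active Response section of the manual for your version), which is the first thing to try before hand-rolling iptables or raw sockets. Either way the sensor is racing the real traffic: the original segment has already reached the endpoint before the mirrored copy reaches the sensor, so the reset can only stop what comes after it, not the packet that triggered the rule.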