[Snort-users] Snort Inline w/ NFQ doesn't work after reboot

James Lay jlay at ...13475...
Tue Nov 29 12:25:26 EST 2016


On 2016-11-28 14:28, J Green wrote:
> Compiled Snort 2.9.8.3 & DAQ, CentOS 7 (VM).
> 
> It works w/ NFQ inline.  However, if I reboot the VM, NFQ no longer
> seems to work.  I do not see anything in the logs, etc.
> 
> Here is how I am running Snort:
> 
> snort -Q --daq nfq --daq-var device=eth0 --daq-var queue=1 -c
> /etc/snort/snort.conf &
> 
> iptables -t nat -I PREROUTING -j NFQUEUE --queue-num 1
> iptables -I FORWARD -j NFQUEUE --queue-num 1
> 
> barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.us
> [1] -w /var/log/snort/barnyard.waldo -g snort -u snort
> 
> Any input would be appreciated.
> 
> Thank you.
> 
> 
> 
> Links:
> ------
> [1] http://snort.us
> 
> ------------------------------------------------------------------------------
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest 
> Snort news!


Make sure your IP tables rules are reapplied on reboot.

James




More information about the Snort-users mailing list