<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jun 18, 2017 at 9:29 PM, Jim Campbell <span dir="ltr"><<a href="mailto:jim@w4bqp.net" target="_blank">jim@w4bqp.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF">
    When you configure Snort to operate in Inline mode, packets that
    cause an alert are also dropped.</div></blockquote><div><br></div><div>This depends whether your rule is DROP or ALERT. Snort inline mode does not have to drop traffic.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#FFFFFF"> The two documents that best
    describe this are:<br>
    <a class="gmail-m_-6035651559328447230moz-txt-link-freetext" href="http://sublimerobots.com/2016/02/snort-ips-inline-mode-on-ubuntu/" target="_blank">http://sublimerobots.com/2016/<wbr>02/snort-ips-inline-mode-on-<wbr>ubuntu/</a><br>
<a class="gmail-m_-6035651559328447230moz-txt-link-freetext" href="https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/013/original/Snort_IPS_using_DAQ_AFPacket.pdf" target="_blank">https://s3.amazonaws.com/<wbr>snort-org-site/production/<wbr>document_files/files/000/000/<wbr>013/original/Snort_IPS_using_<wbr>DAQ_AFPacket.pdf</a><br>
    The information in both are needed.<br></div></blockquote><div><br></div><div>here you find a more complete information including a full system setup, however only for snort3 and nfq: </div><div><a href="https://github.com/marcindulak/vagrant-snort-nfqueue-tutorial-centos7">https://github.com/marcindulak/vagrant-snort-nfqueue-tutorial-centos7</a><br></div><div> </div><div>Marcin</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#FFFFFF">
    <br>
    <div class="gmail-m_-6035651559328447230moz-cite-prefix">On 6/17/2017 9:52 PM, tantioification .
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">Hi Jim,
        <div><br>
        </div>
        <div>Could you tell me how to <span style="font-size:12.8px">drop </span><span style="font-size:12.8px">any packet that alerted
            automatically with pulledpork?</span></div>
        <div><span style="font-size:12.8px">in your last post you seem
            to be successful..</span></div>
        <div><span style="font-size:12.8px">would you sharing to me?</span></div>
      </div>
      <div class="gmail_extra"><br>
      </div>
    </blockquote>
    <br>
  </div>

<br>______________________________<wbr>_________________<br>
Snort-users mailing list<br>
<a href="mailto:Snort-users@lists.snort.org">Snort-users@lists.snort.org</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a href="https://lists.snort.org/mailman/listinfo/snort-users" rel="noreferrer" target="_blank">https://lists.snort.org/<wbr>mailman/listinfo/snort-users</a><br>
<br>
Please visit <a href="http://blog.snort.org" rel="noreferrer" target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort news!<br>
<br></blockquote></div><br></div></div>