Hi all
Have you guys ever tried this combination: using Snort in inline mode with IPFW
as the DAQ?
I have added the following lines to the default /usr/local/etc/snort/snort.conf
file:

config daq: ipfw
config daq_mode: inline
config policy_mode: inline

And I use the following script to run snort:

#!/bin/sh
# Remove any rules left over from a previous run.
ipfw -q delete set 10 >/dev/null 2>&1
ipfw -q delete 401 >/dev/null 2>&1
ipfw -q delete 402 >/dev/null 2>&1
ipfw -q delete 403 >/dev/null 2>&1
# Allow multicast and local traffic ahead of the divert rule.
ipfw -q add 401 allow all from 224.0.0.0/24 to any >/dev/null 2>&1
ipfw -q add 402 allow all from any to 224.0.0.0/24 >/dev/null 2>&1
ipfw -q add 403 allow all from me to me >/dev/null 2>&1
# Start snort in the background, reading from divert port 1500.
/bin/snort --daq ipfw --daq-var port=1500 -N -A full -l /var/log/snort/ -c /usr/local/etc/snort/snort.conf -q >/dev/null 2>&1 &
# Divert all remaining traffic to snort on port 1500.
ipfw -q add 451 set 10 divert 1500 all from any to any >/dev/null 2>&1

But it does not drop the packets.
Any suggestions or experiences?

Thanks in advance 
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"