Did you look in /var/log/messages to see what the error was?
Rob
On Mar 13, 2008, at 2:24 PM, Nandhini Thiagarajan wrote:
Thanks for those who all replied to my previous posts on snort inline.
Rob & Will, in the snort_inline config file, i have the following-
preprocessor stream4: disable_evation_alerts
preprocessor stream4_reassemble: both
I tried adding the below rule to telnet.rules in snort_inline.
drop tcp $HOME_NET any -> $EXTERNAL_NET 23 (msg: "Dropping HOME_NET ->
EXTERNAL_NET traffic";)
And after a reboot (restart of snort_inline), snort_inline says
FAILED.
I'm not able to add any rule as snort_inline fails to start.
What is the reason for that?If i remove the rule, it starts fine.
What i would like to know, is with roo1.2 have u been able to get
snort_inline logs such as dropping/replacing packets? From your
previous post, i'm not sure if there is any bug as a whole on
snort_inline in roo 1.2 or if u were talking about some enhancement
features.
I'm trying to see if there is a bug with snort_inline in roo 1.2 or
is there an error with my set up.
I would appreciate if u can let me know the above detail which will
be useful for my debugs.
Thanks
Nandhini
Never miss a thing. Make Yahoo your homepage.
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
