Not to be too pedantic, but IIRC it's actually IPTables that only passes outbound packets to snort-inline via -j QUEUE.

Patrick

On Fri, Jan 30, 2009 at 9:35 PM, Robert McMillen <[email protected]> wrote:
>
> On Jan 29, 2009, at 11:48 PM, [email protected] wrote:
>>
>> As soon as I turn snort back on packets start flowing in both directions
>> again. Outgoing packets are being alerted, dropped, etc correctly. But
>> snort-inline doesn't even seem to acknowledge incoming packets. They just
>> get accepted, with no information. Below is a brief output of running
>> snort-inline -v. It seems snort is only processing the outgoing stream and
>> not even displaying the incoming.... My server's IP has been removed.
>
> snort-inline is only configured to filter outgoing packets. Does not look
> at incoming packets.
>
> Rob
> _______________________________________________
> Honeywall mailing list
> [email protected]
> https://public.honeynet.org/mailman/listinfo/honeywall
