> I have commented on the tracking... comma separated dns servers seems to
> be the cause of iptables not blocking the traffic. With one dns entered
> in pf.conf and in network.conf for DHCP everything is detected and filtered.

This is fixed now.

> I am running snort and intended it to monitor the inline interface,
> unless I have the interface naming confused. I have this dedicated box
> set up to create a separate net which can be monitored. So I have eth0
> as part of my main network, and am using eth1 as a NAT to uncontrolled
> devices (in this case student laptops).

I just made changes to make sure that snort can run on the inline interface correctly. It will be available as a snapshot or in the devel repo tomorrow.

Assuming:

LAN ---> eth1:PacketFence:eth0 ---> Internet

You should have:

[interface eth0]
...
type=management

[interface eth1]
...
type=internal,monitor
enforcement=inline

It worked in the lab.

--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
