On 2013-07-11 at 22:33:48 -0400, Lawrence Teo wrote:
> On Fri, May 31, 2013 at 07:41:21PM -0400, Lawrence Teo wrote:
> > This patch fixes two issues with the IPFW DAQ module that's used by
> > Snort inline:
>
> I would really like to commit these two DAQ fixes so that they can be
> included on time for the 5.4 release. These fixes are needed for Snort
> to run properly in inline mode.
>
> To recap, this diff fixes two issues:
>
> 1. Snort inline does not drop/reject packets
> 2. Snort inline cannot run as an unprivileged user
>
> Since not many people are familiar with Snort inline on OpenBSD, I have
> included my test procedure below for anyone who would like to replicate
> my tests.
>
> Comments? OK?
>
> Thanks,
> Lawrence

I just finished applying the patch and following your test procedure on
an i386 -current system updated today; I can confirm everything works
exactly as described.

Great finds.

--avj