Hi, I have installed successfully snort-inline with iptables functionality. Well for iptables, it seems that it reads the packets from the queue. Now the doubt is whether explicitly a rule has to be added for the iptables with target as queue or it does it itself. Another thing is : there is hogwash-iptables package which uses iptables. That i have already installed. Regards, Amit -----Original Message----- From: Alberto Gonzalez [mailto:albertg@cerebro.violating.us] Sent: Tue 12/31/2002 3:07 PM To: 'snort-users@lists.sourceforge.net' Cc: Subject: Re: [Snort-users] Snort-inline question I personally haven't used snort-inline. But Hogwash doesn't use iptables to drop packets. If you successfully compiled snort-inline then your good to go. IIRC it will only drop packets in NIDS mode[1], not sniffing mode etc...... Cheers, Alberto Gonzalez [1] Which seems the logical thing todo.. or no? Amit Kumar Gupta wrote: > Hi List, > > > > I am having some queries abtSnort-inline. Here they are :- > > (1) While installing snort-inline whether i have to mention libipq > > directorty. If i don't mention, even then it goes fine. Does it mean > > that it has taken it from the appropriate path. > > > > (2) snort-inline has the hogwash functionality. So does it mean that > > it uses iptables. Another thing is Snort-inline is supposed to sit > inline > > and prevent malicious packets. How does it do it. Is there any > specific command > > for it to do this. > > > > (3) I have successfully installed snort-inline, and using snort > > commands. So does it mean that whenever i will run snort command in > > any one of the mode(sniffing, IDS, logging), the malicious packets > > will be dropped. > > > > Please give your suggestions and views. > > > > Regards, > > Amit > -- The secret to success is to start from scratch and keep on scratching. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list