[Netkit.users] Iptables and Snort in-line

Massimo Rimondini rimondin at dia.uniroma3.it
Mon Aug 31 12:31:01 CEST 2009


Dear Swotino,

sorry, but I couldn't reproduce your problem. I appended your configuration
lines at the end of /etc/snort/snort.conf, then ran:

pc1:~# iptables -A OUTPUT -p tcp --dport 80 -j QUEUE
pc1:~# ifconfig eth0 10.0.0.1 up
pc1:~# snort -QDc /etc/snort/snort.conf
Reading from iptables
pc1:~#

I didn't check for the correct operation of snort, but got no error message
either.

The QUEUE target is compiled in the kernel. It may be useful for you to
consider the following:
"As of kernel 2.6.14 the behavior of netfilter has changed. A new system for
talking to the QUEUE has been devised, called the nfnetlink_queue. The QUEUE
target is basically a pointer to the NFQUEUE 0 nowadays." [from
http://security.maruhn.com/iptables-tutorial/x10045.html]

Regards,
Massimo.
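
The QUEUE/NFQUEUE distinction quoted above, turned into a small diagnostic. This is an added example and not part of the original thread, of Snort or of Netkit. It assumes that a kernel exposing /proc/net/netfilter/nfnetlink_queue uses the nfnetlink_queue interface (QUEUE being an alias for NFQUEUE 0) and that an older kernel with the ip_queue module exposes /proc/net/ip_queue; the ROOT prefix argument exists only so a constructed /proc tree can be checked without root privileges, and the chain selection in inline_http_rules is the author's assumption about what an IPS on a client host or router needs, not something the thread states.

```shell
#!/bin/sh
# Added example (not from the original thread): decide which packet-queue
# interface the running kernel exposes and emit the matching iptables rules
# for diverting HTTP traffic to a userspace IPS such as snort -Q.
#
# Before kernel 2.6.14 packets were queued to userspace through the ip_queue
# module, addressed by the QUEUE target. From 2.6.14 on nfnetlink_queue
# replaces it and QUEUE is only an alias for "NFQUEUE --queue-num 0", so a
# missing ip_queue module is expected rather than a fault. The functions take
# an optional ROOT prefix so a constructed /proc tree can be inspected in a
# test; on a live host call them with no argument (ROOT = /).

# detect_queue_backend [ROOT]
# Prints "nfnetlink_queue", "ip_queue" or "none".
detect_queue_backend() {
    root="${1:-}"
    if [ -e "$root/proc/net/netfilter/nfnetlink_queue" ]; then
        echo nfnetlink_queue
    elif [ -e "$root/proc/net/ip_queue" ]; then
        echo ip_queue
    else
        echo none
    fi
}

# queue_target BACKEND
# Prints the iptables target clause matching the backend; fails when the
# kernel offers no queue interface at all (snort -Q cannot work then).
queue_target() {
    case "$1" in
        nfnetlink_queue) echo "NFQUEUE --queue-num 0" ;;
        ip_queue)        echo "QUEUE" ;;
        *) echo "no packet-queue interface available in this kernel" >&2
           return 1 ;;
    esac
}

# inline_http_rules BACKEND
# Prints the iptables commands that send both directions of port-80 TCP
# through the queue. Queuing only OUTPUT --dport 80 covers requests this
# host sends but not the replies (INPUT) or traffic it routes (FORWARD);
# an IPS that should see whole sessions needs all of them (assumption).
inline_http_rules() {
    target=$(queue_target "$1") || return 1
    printf 'iptables -A OUTPUT  -p tcp --dport 80 -j %s\n' "$target"
    printf 'iptables -A INPUT   -p tcp --sport 80 -j %s\n' "$target"
    printf 'iptables -A FORWARD -p tcp --dport 80 -j %s\n' "$target"
    printf 'iptables -A FORWARD -p tcp --sport 80 -j %s\n' "$target"
}

# Usage on a live host (needs root to apply the printed rules):
#   backend=$(detect_queue_backend)
#   inline_http_rules "$backend" | sh
#   snort -QDc /etc/snort/snort.conf
```

On a 2.6.14 or later kernel detect_queue_backend reports nfnetlink_queue even though `modprobe ip_queue` fails, which is the situation in the thread; the rules then name NFQUEUE 0 explicitly, which is what the QUEUE alias resolves to anyway.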

From: netkit.users-bounces a list.dia.uniroma3.it
[mailto:netkit.users-bounces a list.dia.uniroma3.it] On Behalf Of Swotino
Swoti
Sent: Friday, August 28, 2009 12:07 PM
To: netkit.users a list.dia.uniroma3.it
Subject: [Netkit.users] Iptables and Snort in-line

Hi,
I want to create a simulation of an IPS with Snort in-line and Iptables. I
installed Snort in-line and used these commands:
# iptables -A OUTPUT -p tcp --dport 80 -j QUEUE
# snort -QDc /etc/snort/snort.conf

I configured snort.conf: 

# Configure Inline Resets
# ========================
# 
....
#
config layer2resets
config layer2resets: 96:b6:23:db:10:14

But every time Snort runs, it returns this message:

Reading from iptables
Running in IDS mode
Initializing Inline mode
InitInline: : Failed to send netlink message: Connection refused

So I tried to load the ip_queue module with:
modprobe ip_queue
FATAL: Module ip_queue not found

What can I do?


