I began to write a PKGBUILD for snort with inline-mode enabled (Snort with IPS abilities). Here's the abs:
http://www.archive.org/download/Snort-i … src.tar.gz
The package builds correctly and runs fine; it requires libnet-1.02:
http://www.archive.org/download/Abs-Lib … src.tar.gz
Snort starts up fine with the init script, or use:
snort -QDc /etc/snort/snort.conf -l /var/log/snort/ -i eth0 -v
to see that packets are being diverted to iptables. And then redirect all packets to the queue:
iptables -A INPUT -j QUEUE
where packets are to be queued, analyzed by snort and then redirected back to netfilter. Unfortunately this rule is blocking all traffic. It's possible that it's almost done and I don't know enough about iptables. I don't have any more time to work on this, so anyone who wants to take it from here, please feel free.
Last edited by Kisha (2009-03-02 16:34:18)