How does snort_inline and squid work together? snort_inline uses the function of iptables:QUEUE,my question is how the iptables set,I can not see it from the command iptables -L -v
I've posted this very question in another post. It would appear that they pass ALL trafic to the snort_inline process IPS is enabled. The QUEUE target in iptables would showup with the iptables -L -v command.
List loaded modules after a reboot with IPS off and then after enabling IPS. See if it loads a module called iptable_ips. I think Astaro's version of snort_inline uses something a little different than the "standard" snort_inline.
I'd love to hear their explanation.
I've posted this very question in another post. It would appear that they pass ALL trafic to the snort_inline process IPS is enabled. The QUEUE target in iptables would showup with the iptables -L -v command.
List loaded modules after a reboot with IPS off and then after enabling IPS. See if it loads a module called iptable_ips. I think Astaro's version of snort_inline uses something a little different than the "standard" snort_inline.
I'd love to hear their explanation.
thanks for your answer,but i still can not find the target QUEUE from command "iptables -L -v",so I guess that arstaro make the target "ACCEPT" different from the standard one
I see. I was looking in the default table 'filter'. I was looking through iptables -h but can't see a way to list the existing tables. I still need to compile snort_inline with MySQL support.
