Hi,
I'm trying to run Snort in inline (IPS) mode. Here's my configuration file:
An here is the rule file:
I execute
I'm trying to run Snort in inline (IPS) mode. Here's my configuration file:
Code:
config daq: ipfw
config daq_mode: inline
config policy_mode: inline
output alert_full: stdout
include snort.rule
Code:
drop tcp any any -> any 23 (msg: "Drop telnet packets"; sid: 1000001)
pass ip any any -> any any snort -c /root/snr.conf -Q --alert-before-pass. I expect the ICMP packets to pass and telnet packets to drop. But both packet types pass! Am I missing something?