Changes between Version 1 and Version 2 of SnortInline
- 12/08/07 12:30:58 (5 years ago)
v1 v2 55 55 Vuurmuur uses 'marks' to differentiate between traffic that must be accepted and traffic that must be queued. Packets with a mark in the range 0-9.999.999 are accepted, 20.000.000-29.999.999 are queued. If you want to mark traffic (for example for shaping or routing) then you have to keep in mind that to use this together with Snort_inline, the marks must fall between the above range. By default Vuurmuur will mark traffic that is to be queued with mark 20.000.000. 56 56 57 == Known issues/got ha's == 57 == Known issues/gotha's == 58 58 59 59 Currently there are two known issues with using Snort_inline this way. Both are not specific to using it with Vuurmuur. 60 60 61 The first is that i s traffic is sendto the queue while no program is connected to the queue, traffic is effectively dropped. The same is true if Snort_inline crashes. 61 The first is that i to the queue while no program is connected to the queue, traffic is effectively dropped. The same is true if Snort_inline crashes. 62 62 63 63 The second issue is that Snort_inline can use a lot of system resources, which can mean that connections will be slower. But this mostly depends on the settings of Snort_inline itself (more rules means less performance) and of course on the speed of your hardware.
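Review bot: Line 61 in version 2 is left as a broken sentence, "The first is that i to the queue while no program is connected to the queue", because the edit deleted the words "s traffic is sendto" from version 1 instead of correcting them. The sentence no longer says what condition causes the drop. Suggest restoring it as "The first is that if traffic is sent to the queue while no program is connected to the queue, traffic is effectively dropped." The heading change on line 57 from "got ha's" to "gotha's" also still looks misspelled; "Known issues/gotchas" is presumably what was meant.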