Changes between Version 1 and Version 2 of SnortInline
Timestamp: 12/08/07 12:30:58 (14 years ago)
SnortInline
v1 v2 55 55 Vuurmuur uses 'marks' to differentiate between traffic that must be accepted and traffic that must be queued. Packets with a mark in the range 0-9.999.999 are accepted, 20.000.000-29.999.999 are queued. If you want to mark traffic (for example for shaping or routing) then you have to keep in mind that to use this together with Snort_inline, the marks must fall between the above range. By default Vuurmuur will mark traffic that is to be queued with mark 20.000.000. 56 56 57 == Known issues/got ha's ==57 == Known issues/gotcha's == 58 58 59 59 Currently there are two known issues with using Snort_inline this way. Both are not specific to using it with Vuurmuur. 60 60 61 The first is that i s traffic is sendto the queue while no program is connected to the queue, traffic is effectively dropped. The same is true if Snort_inline crashes.61 The first is that if traffic is sent to the queue while no program is connected to the queue, traffic is effectively dropped. The same is true if Snort_inline crashes. 62 62 63 63 The second issue is that Snort_inline can use a lot of system resources, which can mean that connections will be slower. But this mostly depends on the settings of Snort_inline itself (more rules means less performance) and of course on the speed of your hardware.
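Review bot: the heading at line 57 still reads "gotcha's" after the fix; the plural takes no apostrophe, so "Known issues/gotchas" would be cleaner. In the corrected sentence at line 61, it would help to say outright that the queue fails closed (queued traffic is dropped when no program is connected to the queue or when Snort_inline crashes), so readers know that the Snort_inline process needs to be monitored and restarted for queued traffic to keep flowing. The unchanged context at line 55 gives 0-9.999.999 as accepted and 20.000.000-29.999.999 as queued but does not say how marks from 10.000.000 to 19.999.999 are treated, and "between the above range" does not say which of the two ranges is meant; a follow-up revision should spell both out.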