I am using “snort_inline” and I forwarded all the packets using
iptables to the QUEUE so that snort_inline can pick them up for
inspection and drop/alert depending on the rules.
But does “Snort” when run in inline mode take in packets from iptables
too? What is the difference between Snort and Snort_inline when it
comes to blocking packets?
I observe that when I run “Snort” without using iptables, somehow my
packets are getting dropped.
Would be helpful if someone clarifies this for me.
Thanks!
snort_inline is deprecated and you should use Snort with DAQ. Snort with DAQ can handle the same Snort “dropping” of packets.
There are several different inline modes that DAQ will support, iptables (nfqueue) being one of them.
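
The nfqueue setup mentioned in the reply above, sketched as an added example that is not part of the original thread: an iptables NFQUEUE rule paired with Snort started inline on the nfq DAQ. The queue number, the FORWARD chain and the config path are assumed values.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumed values: queue 0,
# the FORWARD chain, and /etc/snort/snort.conf as the Snort config path.
QUEUE_NUM="${QUEUE_NUM:-0}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"

# iptables arguments that hand forwarded packets to an NFQUEUE queue.
# --queue-bypass is fail-open: traffic passes uninspected when no program is
# bound to the queue. Without it the kernel drops every queued packet while
# Snort is down (fail-closed). Pick the behaviour your policy requires.
nfq_rule_args() {
    printf 'FORWARD -j NFQUEUE --queue-num %s --queue-bypass' "$1"
}

# Snort command line: -Q enables inline mode, the nfq DAQ reads that queue.
snort_inline_cmd() {
    printf 'snort -Q --daq nfq --daq-var queue=%s -c %s' "$1" "$2"
}

# "plan" prints the procedure; "apply" executes it (needs root).
inline_setup() {
    rule="$(nfq_rule_args "$QUEUE_NUM")"
    cmd="$(snort_inline_cmd "$QUEUE_NUM" "$SNORT_CONF")"
    if [ "$1" = "apply" ]; then
        # $rule and $cmd are left unquoted on purpose so they split into arguments.
        iptables -I $rule || return 1
        # Remove the rule when Snort exits or is interrupted, so no stale
        # queue rule is left behind.
        trap 'iptables -D $rule; trap - EXIT; exit' EXIT INT TERM
        $cmd
    else
        printf 'iptables -I %s\n%s\niptables -D %s\n' "$rule" "$cmd" "$rule"
    fi
}

# Nothing runs unless the script is called with "plan" or "apply".
case "${1:-}" in
    apply|plan) inline_setup "$1" ;;
esac
```

Run it with `plan` to review the three commands before using `apply` on a gateway.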