[Honeywall] Snort_inline log problem

Rob McMillen rvmcmil at gmail.com
Wed Jun 27 21:10:59 EDT 2007

That is right.  In order to get the packet from the firewall and
decide the packet's destiny, you must do it as root.

As far as the inline logging, I would have to look into it as well.
What version of Honeywall are you using?


On 6/27/07, Patrick McCarty <patrick at setsuid.net> wrote:
> On Wed, Jun 27, 2007 at 03:44:24PM -0400, Earl wrote:
> > I don't believe it can drop privs because it needs to be able to
> > drop packets and do resets and other rootly stuff.  Rob/Patrick?
> IIRC, it needs root privs because of the interface to the userspace libipq.
> Otherwise, any non-priv process could accept, modify, or reject any packet that was sent to userspace from the iptables -j QUEUE target.
> There may be other reasons as well, it's been a bit since I've looked at that particular piece.
> -- patrick
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
