Package Details: snort-nfqueue 3.3.4.0-1

Git Clone URL: https://aur.archlinux.org/snort-nfqueue.git (read-only)
Package Base: snort-nfqueue
Description: A lightweight network IDS / IPS with NFQUEUE and OpenAppID support.
Upstream URL: https://www.snort.org
Keywords: IDS intrusion IPS NFQUEUE OpenAppID
Licenses: GPL
Conflicts: snort
Provides: snort
Submitter: amish
Maintainer: amish
Last Packager: amish
Votes: 1
Popularity: 0.000000
First Submitted: 2014-05-08 12:58 (UTC)
Last Updated: 2024-08-29 03:28 (UTC)

Pinned Comments

amish commented on 2021-01-24 05:07 (UTC)

This snort version by default runs as an INLINE (nfq) IDS as well as IPS, i.e. it works by using the iptables / nft NFQUEUE target. It does not run in sniffing mode, and it can block packets at the firewall level.

However, you can perfectly well run it as a normal snort IDS by changing local.lua and the systemd startup files.

Latest Comments

amish commented on 2022-12-06 16:55 (UTC)

@graysky: Ok I tried again and I recall now what had happened the last time.

It worked randomly. Sometimes snort gave the following error and sometimes it worked. And that is why I switched to 'any'.

Dec 06 22:22:14 amish snort[47450]: ERROR: rules/snort.rules:4040 Undefined variable in the string: $EXTERNAL_NET.

I will implement the other change about -Q. Thanks for the TIP.

graysky commented on 2022-12-06 14:37 (UTC) (edited on 2022-12-06 14:38 (UTC) by graysky)

@amish - you can make the systemd service more flexible by dropping the hardcoded -Q and replacing it with a few lines in your local.lua; see: https://github.com/graysky2/packages/blob/snort3/net/snort3/files/local.lua#L6-L7

And to answer your question, yes, it works, see: https://github.com/graysky2/packages/blob/snort3/net/snort3/files/homenet.lua

amish commented on 2022-12-05 15:51 (UTC)

@graysky - Last time I tried, it didn't work. Is it working for you now?

graysky commented on 2022-12-05 12:34 (UTC) (edited on 2022-12-05 12:34 (UTC) by graysky)

@amish - I see now (conversation from snort package). Shouldn't you define EXTERNAL_NET = "!$HOME_NET" in homenet.lua?
