I just want to drop outbound traffic to port 80. This is my rule:
drop tcp 192.168.0.35 any -> any 80 (msg:"WEB"; sid:121212
This is what I did with iptables:
$ iptables -F
$ modprobe ip_queue
$ lsmod | grep ip_queue
$ iptables -I INPUT -j QUEUE
Then I commented out all the default rules in snort_inline.conf
and added my one rule at the bottom:
include $RULE_PATH/example.rules
I started snort-inline with this command:
$ snort-inline -i eth1 -c /etc/snort_inline/snort_inline.conf -l /myLogFiles/
It executes without a problem and starts monitoring. However, when it initializes, it says:
0 out of 512 flowbits in use
and nothing gets dropped when I browse the web.
Any help will be appreciated.