Re: Bridge mode bugfix and performance improvement
Posted by Roadrunnere42 on Mar 31, 2016; 4:05pm
URL: https://itus.accessinnov.com/Bridge-mode-bugfix-and-performance-improvement-tp561p595.html
Hi user8446
I followed your instruction running router mode and copied over the two modified snort rules 7 / 8, disabled processes as instructed reboot and it failed to connect to internet. Looked at sysrem log and found
Thu Mar 31 15:56:35 2016 daemon.notice netifd: Network device 'eth0' link is down
Thu Mar 31 15:56:35 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Thu Mar 31 15:56:35 2016 daemon.notice netifd: wan (3340): Received SIGTERM
Thu Mar 31 15:56:36 2016 daemon.err snort[3323]: FATAL ERROR: /etc/snort/snort8.conf(120) Unknown rule type: prune_log_max.
Thu Mar 31 15:56:36 2016 user.emerg procd: Cannot change large-receive-offload
Thu Mar 31 15:56:38 2016 daemon.notice netifd: Network device 'eth0' link is up
Thu Mar 31 15:56:38 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Thu Mar 31 15:56:38 2016 daemon.notice netifd: Interface 'wan' is setting up now
Thu Mar 31 15:56:38 2016 kern.notice kernel: [ 75.354303] eth0: 1000 Mbps Full duplex, port 0
Thu Mar 31 15:56:38 2016 daemon.notice netifd: wan (3983): udhcpc (v1.23.2) started
Thu Mar 31 15:56:38 2016 daemon.notice netifd: wan (3983): Sending discover...
Thu Mar 31 15:56:39 2016 daemon.err snort[3391]: FATAL ERROR: /etc/snort/snort7.conf(120) Unknown rule type: prune_log_max.
Thu Mar 31 15:56:39 2016 user.emerg procd: Cannot change large-receive-offload
Thu Mar 31 15:56:41 2016 kern.notice kernel: [ 78.304013] eth2: Link down
did find this in snort 7 about prune_log_max
preprocessor stream5_global: track_tcp yes, \
track_udp yes, \
track_icmp yes, \
max_tcp 10000, \
max_udp 10000, \
max_active_responses 2, \
min_response_seconds 5
prune_log_max 1120810preprocessor stream5_global: track_tcp yes, \
track_udp yes, \
track_icmp yes, \
max_tcp 10000, \
max_udp 10000, \
max_active_responses 2, \
min_response_seconds 5
prune_log_max 1120810
any idea what to do to or is then because i'm running 8942 rules?
reverted back at present.
Keep up the good work
roadrunnere42