From owner-freebsd-net@FreeBSD.ORG  Thu Jul  4 15:37:19 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 3AFCBB29
 for <freebsd-net@freebsd.org>; Thu,  4 Jul 2013 15:37:19 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16])
 by mx1.freebsd.org (Postfix) with ESMTP id 118811D45
 for <freebsd-net@freebsd.org>; Thu,  4 Jul 2013 15:37:18 +0000 (UTC)
Received: from jre-mbp.elischer.org
 (ppp121-45-226-51.lns20.per1.internode.on.net [121.45.226.51])
 (authenticated bits=0)
 by vps1.elischer.org (8.14.5/8.14.5) with ESMTP id r64FbErg095516
 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
 Thu, 4 Jul 2013 08:37:17 -0700 (PDT)
 (envelope-from julian@freebsd.org)
Message-ID: <51D596A5.1050301@freebsd.org>
Date: Thu, 04 Jul 2013 23:37:09 +0800
From: Julian Elischer <julian@freebsd.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8;
 rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: Nomad Esst <noname.esst@yahoo.com>
Subject: Re: snort does not block packets in inline mode in FreeBSD
References: <1372936578.82526.YahooMailNeo@web162701.mail.bf1.yahoo.com>
In-Reply-To: <1372936578.82526.YahooMailNeo@web162701.mail.bf1.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jul 2013 15:37:19 -0000

On 7/4/13 7:16 PM, Nomad Esst wrote:
> Hi list
> I have the same problem as this http://seclists.org/snort/2012/q4/465
> After talking to this guy, He said that they could not solve this problem and they have migrated to Suricata. Do have any ideas? Is this a bug?
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
>
>
unless divert has been broken,(*) the problem must be in snort.
it must be resubmitting the packets to be forwarded.

(*)if you look at the packet that are going out of the box after being 
approved by snort, are there duplicate packets?