> I am queuing all of the packets to a userspace daemon for
> Snort-inline to process. If Snort is the problem then could you
> advise me on the iptables to pass everything through the transparent
> bridge to eliminate it from the equation?

Write a log rule before and after the QUEUE rules. You'll probably find that they enter the QUEUE targets section and never leave. The QUEUE target will never return a packet to the system unless the userspace program has processed the packet, so if snort-inline is turned off or broken, none of the matched packets will pass through QUEUE.

The problem is that there's no graceful timeout period in which QUEUE assumes that the userspace process is dead. There should be a flag that says the packet will 'continue'/'drop'/'accept' based on the userspace program's timeout.
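
An added example, not part of the original message: one way to read the result of the before/after logging test by pairing log entries and listing packets that entered QUEUE and never came out. It assumes hypothetical log prefixes `PRE-QUEUE: ` and `POST-QUEUE: `, with the second LOG rule placed in mangle POSTROUTING because a packet the daemon accepts moves on to the next hook, not the next rule; the log lines are constructed.

```python
import re
from collections import Counter

# Assumed rule placement (hypothetical prefixes, not from the original post):
#   iptables -I FORWARD 1 -j LOG --log-prefix "PRE-QUEUE: "
#   iptables -A FORWARD -j QUEUE
#   iptables -t mangle -A POSTROUTING -j LOG --log-prefix "POST-QUEUE: "

FIELD = re.compile(r"\b(SRC|DST|ID|PROTO)=(\S+)")
PREFIX = re.compile(r"\b(PRE|POST)-QUEUE: ")

# Constructed kernel log lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
kernel: PRE-QUEUE: IN=br0 OUT=br0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 ID=4101 PROTO=TCP SPT=40000 DPT=80
kernel: POST-QUEUE: IN= OUT=br0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 ID=4101 PROTO=TCP SPT=40000 DPT=80
kernel: PRE-QUEUE: IN=br0 OUT=br0 SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TTL=64 ID=4102 PROTO=TCP SPT=40000 DPT=80
kernel: PRE-QUEUE: IN=br0 OUT=br0 SRC=192.0.2.11 DST=198.51.100.5 LEN=76 TTL=64 ID=977 PROTO=UDP SPT=5353 DPT=53
"""

def packet_key(line):
    """Identify a packet by the first SRC/DST/ID/PROTO fields on the line."""
    fields = {}
    for name, value in FIELD.findall(line):
        fields.setdefault(name, value)  # ignore nested ICMP-error headers
    return tuple(fields.get(k, "?") for k in ("SRC", "DST", "ID", "PROTO"))

def stuck_in_queue(lines):
    """Return keys of packets logged before QUEUE with no matching log after it."""
    pending = Counter()
    for line in lines:
        match = PREFIX.search(line)
        if not match:
            continue  # unrelated log line
        key = packet_key(line)
        if match.group(1) == "PRE":
            pending[key] += 1
        elif pending[key] > 0:
            pending[key] -= 1  # packet was released by the userspace daemon
    return sorted(key for key, count in pending.items() if count > 0)

if __name__ == "__main__":
    for src, dst, ip_id, proto in stuck_in_queue(SAMPLE_LOG.splitlines()):
        print(f"never left QUEUE: {proto} {src} -> {dst} ID={ip_id}")
```

Packets still in flight when the log is captured also show up as stuck, so take the sample after traffic has been idle for a moment.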