[Oisf-devel] [PATCH 0/3] Add set_mark option

Victor Julien victor at inliniac.net
Tue Mar 8 22:12:56 UTC 2011


On 03/08/2011 08:11 PM, Nick Rogness wrote:
> On Mon, Mar 7, 2011 at 2:18 PM, Eric Leblond <eric at regit.org> wrote:
>>
>>> I wonder if we should name it something like
>>> nfq_set_mark? It's specific to NFQ. I don't think we can translate it to
>>> IPFW for example... What do you think?
>>
>> You're right. I don't think this is possible on *BSD. I will modify the
>> option name before resending the patch.
>>
> 
> FreeBSD's IPFW has a similar option called tag, but the kernel strips
> this tag when sending to suricata on the divert socket.
> 
> However, there are several other things with the IPFW firewall which could
> be set based on specific suricata rules match, i.e. which IPFW rule to reinsert
> the packet, etc.

How would that work? Have it reinject on specific line numbers based on
the signatures that match in Suricata? Or something we can do the packet
to the packet that IPFW understands?

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------