<div dir="ltr">Hello,<br><br>I saved this script in the init.d folder (Ubuntu)<br><br><br>
<div style="border: 1pt solid windowtext; padding: 1pt 4pt; margin-left: 31.2pt; margin-right: 0cm;">
<p class="MsoNormal" style="line-height: 10pt; border: medium none; padding: 0cm; margin-left: 40px;"><font size="2"><b><span style="color: rgb(0, 176, 80);">#!/bin/bash</span></b><span style="color: rgb(0, 176, 80);"> <br>
# <br>
# suricata_inline</span><span style="color: rgb(192, 0, 0);"><br>
<br>
<b>start(){</b> <br>
</span><span style="color: rgb(0, 176, 80);"># Start the daemons.</span><span style="color: rgb(192, 0, 0);"> <br>
<b>echo "Démarrage du module ip_queue:" <br>
lsmod | grep ip_queue >/dev/null || /sbin/modprobe ip_queue;</b> <br>
</span><span style="color: rgb(0, 176, 80);">#</span><span style="color: rgb(192, 0, 0);"> <br>
<b>echo "Démarrage des règles iptables:"</b> <br>
</span><span style="color: rgb(0, 176, 80);"># iptables traffic sent to the QUEUE: <br>
# Accept internal connections</span><span style="color: rgb(192, 0, 0);"> <br>
<b>iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT <br>
iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT</b> <br>
</span><span style="color: rgb(0, 176, 80);"># Send all incoming, outgoing and "forward" traffic to the QUEUE</span><span style="color: rgb(192, 0, 0);"> <br>
<b>iptables -A INPUT -j NFQUEUE <br>
</b></span><span style="color: rgb(0, 176, 80);"># iptables -A FORWARD
-j QUEUE</span><b><span style="color: rgb(192, 0, 0);"> <br>
iptables -A OUTPUT -j NFQUEUE</span></b><span style="color: rgb(192, 0, 0);"> <br>
</span><span style="color: rgb(0, 176, 80);"># Start Suricata_inline
</span><span style="color: rgb(192, 0, 0);"></span></font></p>
<p class="MsoNormal" style="line-height: 10pt; border: medium none; padding: 0cm; margin-left: 40px;"><font size="2"><span style="color: rgb(192, 0, 0);">echo "Démarrage de suricata_inline:
"<br>
<b>suricata -c /etc/suricata/suricata.yaml -q 0</b><br>
</span><span style="color: rgb(0, 176, 80);"># -q -> process the queued traffic <br>
# -D -> run as a daemon <br>
# -v -> verbose <br>
# -l -> path to the logs <br>
# -c -> path to the configuration file</span><span style="color: rgb(192, 0, 0);"> <br>
<b>} </b><br>
<br>
<b>stop() {</b> <br>
</span><span style="color: rgb(0, 176, 80);"># Stop the daemons. <br>
# Stop Suricata_Inline <br>
# echo "Arrêt de suricata_inline: "</span><span style="color: rgb(192, 0, 0);"> <br>
<b>killall suricata_inline</b> <br>
</span><span style="color: rgb(0, 176, 80);"># Delete all iptables rules and <br>
# set the default Netfilter policies to "accept"</span><span style="color: rgb(192, 0, 0);"> <br>
<b>echo "Suppression des règles iptables:" <br>
iptables -F</b> <br>
</span><span style="color: rgb(0, 176, 80);"># -F -> flush iptables</span><span style="color: rgb(192, 0, 0);"> <br>
<b>iptables -P INPUT ACCEPT <br>
iptables -P OUTPUT ACCEPT <br>
iptables -P FORWARD ACCEPT</b> <br>
</span><span style="color: rgb(0, 176, 80);"># -P -> default policy </span></font><span style="font-size: 10pt; color: rgb(192, 0, 0);"><font size="2"><br><b>} </b><br><br></font>
<b><font size="2">restart(){ <br>
stop <br>
start <br>
} <br><br>
case "$1" in <br><br>
start) <br>
start <br>
;; <br><br>
stop) <br>
stop <br>
;; <br><br>
restart) <br>
restart <br>
;; <br>
*) <br>
echo $"Usage: $0 {start|stop|restart|}" <br>
exit 1 <br>
esac</font>
</b></span></p>
</div>
<br>After that I ran this command
<p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 35.4pt; line-height: normal;"><b><span style=""># sudo update-rc.d suricata_inline defaults</span></b></p>to start it automatically,<br><br>But after rebooting, I just have the iptables saved, not Suricata running!<br>
<br>Maybe this is because the interface is not yet up?<br><br>Do you know any solution?<br><br>thx<br><span style="color: rgb(192, 192, 192);">Anas</span><br>
</div>
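A check for the state described in the post, where the NFQUEUE rules are loaded but no Suricata process is reading the queue (added example, not part of the original message; the function name and sample data are constructed). It compares text in `iptables-save` format against the queue table in `/proc/net/netfilter/nfnetlink_queue`, whose first column is the bound queue number.

```shell
#!/bin/sh
# Added example: list NFQUEUE rules whose queue has no userspace listener.
# On a live host (as root):
#   unbound_queues "$(iptables-save)" "$(cat /proc/net/netfilter/nfnetlink_queue 2>/dev/null)"

# unbound_queues RULES_TEXT QUEUE_TABLE_TEXT
unbound_queues() {
    # Queue numbers that currently have a process bound to them.
    bound_list=$(printf '%s\n' "$2" | awk 'NF { print $1 }')
    printf '%s\n' "$1" | while IFS= read -r rule; do
        case $rule in
            *"-j NFQUEUE"*) ;;
            *) continue ;;
        esac
        # A rule without --queue-num targets queue 0.
        num=$(printf '%s\n' "$rule" |
            sed -n 's/.*--queue-num[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p')
        [ -n "$num" ] || num=0
        if printf '%s\n' "$bound_list" | grep -qx "$num"; then
            continue
        fi
        case $rule in
            *--queue-bypass*)
                echo "queue $num: no listener, packets bypass inspection: $rule" ;;
            *)
                echo "queue $num: no listener, packets are dropped: $rule" ;;
        esac
    done
}

# Constructed sample: the rule set the init script above installs.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -j NFQUEUE --queue-num 0
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -o lo -j ACCEPT
-A OUTPUT -j NFQUEUE --queue-num 0
COMMIT'
# Constructed sample: empty table (nothing bound) vs. queue 0 bound.
SAMPLE_NO_LISTENER=''
SAMPLE_BOUND='    0   2245     0 2 65535     0     0        0  1'

echo "Without a listener:"
unbound_queues "$SAMPLE_RULES" "$SAMPLE_NO_LISTENER"
echo "With queue 0 bound:"
unbound_queues "$SAMPLE_RULES" "$SAMPLE_BOUND"
```

Run after boot, any output means the host is queueing traffic that nothing is inspecting or returning a verdict on.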