
<div dir="ltr">I'm trying to do the same thing to test Suricata,<br><br>Bridging is successful since I have net connection in my host<br><br>---Net-Router(172.20.81.1)------<- Bridge (suricata in computer with 2 cards) ->------ my host (172.20.81.101)<br>

<br>But when i tried this rule :<br><br>drop tcp 172.20.81.101 any -> any any (content:"facebook"; msg:"Attention, Facebook !!!"; sid:1000002; rev:1;)<br>or :<br>drop tcp any any -> any any (content:"facebook"; msg:"Attention, Facebook !!!"; sid:1000002; rev:1;)<br>

<br><br>I just have an alert, but I can enter to facebook.........!!!<br><br><font style="color: rgb(102, 0, 0);" size="1">07/26/10-08:28:07.517395  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1740">172.20.80.100:1740</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:28:08.206148  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1742">172.20.80.100:1742</a> -> <a href="http://72.14.235.100:80">72.14.235.100:80</a><br>

07/26/10-08:28:08.380125  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1740">172.20.80.100:1740</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:28:09.079290  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1741">172.20.80.100:1741</a> -> <a href="http://67.18.23.65:80">67.18.23.65:80</a><br>

07/26/10-08:28:09.544135  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1745">172.20.80.100:1745</a> -> <a href="http://87.248.218.92:80">87.248.218.92:80</a><br>

07/26/10-08:28:09.639904  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1746">172.20.80.100:1746</a> -> <a href="http://68.87.64.116:80">68.87.64.116:80</a><br>

07/26/10-08:28:09.653826  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1744">172.20.80.100:1744</a> -> <a href="http://67.18.23.65:80">67.18.23.65:80</a><br>

07/26/10-08:28:09.830274  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1748">172.20.80.100:1748</a> -> <a href="http://4.71.209.15:80">4.71.209.15:80</a><br>

07/26/10-08:28:10.008049  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1747">172.20.80.100:1747</a> -> <a href="http://209.85.227.100:80">209.85.227.100:80</a><br>

07/26/10-08:28:10.300653  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1749">172.20.80.100:1749</a> -> <a href="http://68.87.78.149:80">68.87.78.149:80</a><br>

07/26/10-08:28:11.977590  [**] [1:485:5] ICMP Destination Unreachable Communication Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {1} <a href="http://172.20.80.1:3">172.20.80.1:3</a> -> <a href="http://172.20.80.100:13">172.20.80.100:13</a><br>

07/26/10-08:28:17.931527  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1740">172.20.80.100:1740</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:28:21.189125  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1750">172.20.80.100:1750</a> -> <a href="http://66.220.146.11:80">66.220.146.11:80</a><br>

07/26/10-08:28:38.168496  [**] [1:485:5] ICMP Destination Unreachable Communication Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {1} <a href="http://172.20.80.1:3">172.20.80.1:3</a> -> <a href="http://172.20.80.100:13">172.20.80.100:13</a><br>

07/26/10-08:28:42.299672  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1770">172.20.80.100:1770</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:28:44.941011  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1804">172.20.80.100:1804</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:28:47.559393  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1839">172.20.80.100:1839</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:28:49.628545  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1848">172.20.80.100:1848</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:28:51.678339  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1862">172.20.80.100:1862</a> -> <a href="http://66.220.146.11:80">66.220.146.11:80</a><br>

07/26/10-08:28:52.378889  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1799">172.20.80.100:1799</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:28:54.486073  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1875">172.20.80.100:1875</a> -> <a href="http://196.12.213.56:80">196.12.213.56:80</a><br>

07/26/10-08:28:56.420210  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1889">172.20.80.100:1889</a> -> <a href="http://87.98.130.52:80">87.98.130.52:80</a><br>

07/26/10-08:29:04.413680  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1926">172.20.80.100:1926</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:29:08.820362  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1946">172.20.80.100:1946</a> -> <a href="http://72.14.235.100:80">72.14.235.100:80</a><br>

07/26/10-08:29:09.216669  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1949">172.20.80.100:1949</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:29:12.252341  [**] [1:485:5] ICMP Destination Unreachable Communication Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {1} <a href="http://172.20.80.1:3">172.20.80.1:3</a> -> <a href="http://172.20.80.100:13">172.20.80.100:13</a><br>

07/26/10-08:29:13.124177  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1964">172.20.80.100:1964</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:29:13.709394  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1967">172.20.80.100:1967</a> -> <a href="http://66.220.146.11:80">66.220.146.11:80</a><br>

07/26/10-08:29:13.997069  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1974">172.20.80.100:1974</a> -> <a href="http://196.12.213.56:80">196.12.213.56:80</a><br>

07/26/10-08:29:14.158277  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1976">172.20.80.100:1976</a> -> <a href="http://196.12.213.56:80">196.12.213.56:80</a><br>

07/26/10-08:29:14.191434  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1976">172.20.80.100:1976</a> -> <a href="http://196.12.213.56:80">196.12.213.56:80</a><br>

07/26/10-08:29:14.206014  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1976">172.20.80.100:1976</a> -> <a href="http://196.12.213.56:80">196.12.213.56:80</a><br>

07/26/10-08:29:15.576897  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1974">172.20.80.100:1974</a> -> <a href="http://196.12.213.56:80">196.12.213.56:80</a><br>

07/26/10-08:29:21.263951  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:1997">172.20.80.100:1997</a> -> <a href="http://67.18.23.65:80">67.18.23.65:80</a><br>

07/26/10-08:29:24.106282  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2027">172.20.80.100:2027</a> -> <a href="http://66.220.146.11:80">66.220.146.11:80</a><br>

07/26/10-08:29:43.536743  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2048">172.20.80.100:2048</a> -> <a href="http://196.12.213.56:80">196.12.213.56:80</a><br>

07/26/10-08:29:44.225171  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2048">172.20.80.100:2048</a> -> <a href="http://196.12.213.56:80">196.12.213.56:80</a><br>

07/26/10-08:29:44.269318  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2048">172.20.80.100:2048</a> -> <a href="http://196.12.213.56:80">196.12.213.56:80</a><br>

07/26/10-08:29:44.582251  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2048">172.20.80.100:2048</a> -> <a href="http://196.12.213.56:80">196.12.213.56:80</a><br>

07/26/10-08:29:46.024928  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2049">172.20.80.100:2049</a> -> <a href="http://80.157.170.80:80">80.157.170.80:80</a><br>

07/26/10-08:29:46.158738  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2048">172.20.80.100:2048</a> -> <a href="http://196.12.213.56:80">196.12.213.56:80</a><br>

07/26/10-08:29:46.778466  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2050">172.20.80.100:2050</a> -> <a href="http://80.157.170.73:80">80.157.170.73:80</a><br>

07/26/10-08:29:46.850379  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2050">172.20.80.100:2050</a> -> <a href="http://80.157.170.73:80">80.157.170.73:80</a><br>

07/26/10-08:29:47.447351  [**] [1:485:5] ICMP Destination Unreachable Communication Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {1} <a href="http://172.20.80.1:3">172.20.80.1:3</a> -> <a href="http://172.20.80.100:13">172.20.80.100:13</a><br>

07/26/10-08:29:50.837632  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2054">172.20.80.100:2054</a> -> <a href="http://196.12.213.57:80">196.12.213.57:80</a><br>

07/26/10-08:29:51.511817  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:51.578581  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:51.649844  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:51.973257  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:52.343481  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:53.313476  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:54.678733  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:55.056374  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:55.398719  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:55.733208  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:57.166266  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:57.293175  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:57.812568  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2058">172.20.80.100:2058</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:58.522060  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:58.589148  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:58.657140  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:29:59.509121  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:00.129142  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:00.194528  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:00.555942  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:00.646232  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2057">172.20.80.100:2057</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:00.874448  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2058">172.20.80.100:2058</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:01.396735  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:01.491180  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:01.560120  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:01.939659  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:02.238916  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:02.838980  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:04.038863  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:04.822896  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2075">172.20.80.100:2075</a> -> <a href="http://67.18.23.65:80">67.18.23.65:80</a><br>

07/26/10-08:30:05.234740  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:05.995330  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2078">172.20.80.100:2078</a> -> <a href="http://72.14.235.104:80">72.14.235.104:80</a><br>

07/26/10-08:30:06.429322  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2080">172.20.80.100:2080</a> -> <a href="http://208.80.152.2:80">208.80.152.2:80</a><br>

07/26/10-08:30:06.438720  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:08.541125  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2077">172.20.80.100:2077</a> -> <a href="http://67.18.23.65:80">67.18.23.65:80</a><br>

07/26/10-08:30:13.636323  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2061">172.20.80.100:2061</a> -> <a href="http://93.186.135.89:80">93.186.135.89:80</a><br>

07/26/10-08:30:13.892064  [**] [1:1000002:1] Attention, Facebook !!! [**] [Classification: (null)] [Priority: 3] {6} <a href="http://172.20.80.100:2095">172.20.80.100:2095</a> -> <a href="http://67.18.23.65:80">67.18.23.65:80</a></font><br>

<br>to give more information, in the console i had this :<br><br style="color: rgb(102, 0, 0);"><font style="color: rgb(102, 0, 0);" size="1">2430] 26/7/2010 -- 09:28:50 - (app-layer-htp.c:479) <Error> (HTPHandleResponseData) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error in parsing HTTP server response: [1] [htp_response.c] [671] Unable to match response to request<br>

[2430] 26/7/2010 -- 09:28:50 - (app-layer-parser.c:931) <Error> (AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in parsing "http" app layer protocol, using network protocol 6, source IP address 172.20.80.100, destination IP address 72.55.186.68, src port 1807 and dst port 80<br>

[2430] 26/7/2010 -- 09:29:02 - (app-layer-htp.c:479) <Error> (HTPHandleResponseData) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error in parsing HTTP server response: [1] [htp_response.c] [671] Unable to match response to request<br>

[2430] 26/7/2010 -- 09:29:02 - (app-layer-parser.c:931) <Error> (AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in parsing "http" app layer protocol, using network protocol 6, source IP address 172.20.80.100, destination IP address 72.55.186.68, src port 1805 and dst port 80<br>

[2430] 26/7/2010 -- 09:29:43 - (app-layer-htp.c:479) <Error> (HTPHandleResponseData) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error in parsing HTTP server response: [1] [htp_response_generic.c] [101] Request field invalid: colon missing<br>

[2430] 26/7/2010 -- 09:29:43 - (app-layer-parser.c:931) <Error> (AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in parsing "http" app layer protocol, using network protocol 6, source IP address 172.20.80.100, destination IP address 196.12.213.56, src port 2048 and dst port 80<br>

[2430] 26/7/2010 -- 09:30:30 - (app-layer-parser.c:931) <Error> (AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in parsing "http" app layer protocol, using network protocol 6, source IP address 172.20.80.100, destination IP address 72.55.186.68, src port 1808 and dst port 80<br>

[2430] 26/7/2010 -- 09:32:23 - (app-layer-parser.c:931) <Error> (AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in parsing "http" app layer protocol, using network protocol 6, source IP address 172.20.80.100, destination IP address 72.55.186.68, src port 1812 and dst port 80</font><br>

<br>what do you think ?!!<br><br><br><br><div class="gmail_quote">2010/7/22 Will Metcalf <span dir="ltr"><<a href="mailto:william.metcalf@gmail.com">william.metcalf@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">

You need to use NFQUEUE.  Actually if you just want to filter traffic<br>

moving across the bridge it all moves through the FORWARD chain.  The<br>

INPUT/OUTPUT chains will filter traffic in/out of the  local ip stack<br>

i.e. the management interface etc. So in summary, I think all you<br>

really need to start is....<br>

<div class="im"><br>

iptables -A FORWARD -j NFQUEUE --queue-num 0<br>

<br>

</div>Regards,<br>

<br>

Will<br>

<div><div></div><div class="h5"><br>

On Thu, Jul 22, 2010 at 11:28 AM, Morgan Cox <<a href="mailto:morgancoxuk@gmail.com">morgancoxuk@gmail.com</a>> wrote:<br>

> Hi.<br>

><br>

> I am setting up a bridging IPS .<br>

><br>

> I have one simple question.<br>

><br>

> I want to allow all traffic through the bridge - but get suricata to 'check'<br>

> traffic.<br>

><br>

> Actually I have 2 questions:-<br>

><br>

> 1 .  Do I need to use NFQUEUE or can I just use QUEUE for Iptables ?<br>

><br>

> 2.<br>

><br>

> Is this acceptable rules (for allowing all traffic)<br>

><br>

> iptables -A FORWARD -j QUEUE<br>

> iptables -A INPUT -j QUEUE<br>

> iptables -A OUTPUT -j QUEUE<br>

><br>

><br>

> Or should I use<br>

><br>

> iptables -A INPUT -j NFQUEUE --queue-num 0<br>

> iptables -A FORWARD -j NFQUEUE --queue-num 0<br>

> iptables -A OUTPUT -j NFQUEUE --queue-num 0<br>

><br>

> cheers<br>

><br>

</div></div>> _______________________________________________<br>

> Oisf-users mailing list<br>

> <a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>

> <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>

><br>

><br>

_______________________________________________<br>

Oisf-users mailing list<br>

<a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>

<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>

</blockquote></div><br></div>