<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, May 8, 2014 at 5:54 PM, Rich Rumble <span dir="ltr"><<a href="mailto:richrumble@gmail.com" target="_blank">richrumble@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div><div>I see on the wiki Suricata can work with IPTables, but does it have a Windows equivalent? <br>
The modern supported Windows OSes actually are configurable via CLI using PowerShell, WMIC and Netsh.exe, so the Windows firewalls could accept commands similar to Iptables, but perhaps not as robust a feature set.<br>
<br>Snort has Flexresp(3) and that works on Linux and Win32 still, it looks like Suri may have Flexresp too? (see below)<br></div><code><a href="https://doxygen.openinfosecfoundation.org/respond-reject-libnet11_8c.html" target="_blank">https://doxygen.openinfosecfoundation.org/respond-reject-libnet11_8c.html</a><br>
<br></code></div>I have not tried any reset rules like these on Suricata yet but I will<code> when I get a minute:</code><code></code></div></div></div></blockquote><div><div>9/5/2014 -- 12:58:25 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'resp'.<br>
9/5/2014 -- 12:58:25 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp 192.168.11.10 any -> any etc...<br>
9/5/2014 -- 12:58:25 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'resp'.<br>
9/5/2014 -- 12:58:25 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ip any any -> any any ( conte etc...<br>
9/5/2014 -- 12:58:25 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from C:\Program Files\Suricata\rules\blocking.rules<br></div><br>Guess that sort of answers that...<br></div><div>I'll see what I can do with trying to find netsh.exe commands that might be similar to iptables commands.<br>
</div><div> -rich</div></div></div></div>