<!DOCTYPE html>
<html><head>
<meta charset="UTF-8">
</head><body><p>Hello David<br></p><p>The quick answer is 'No', it's not running in parallel with iptables. In online (IDS) mode they can be used together, but to do their own tasks: Suricata to sniff all of the data from a SPAN/mirror port etc., and iptables to deal with any firewalling needs you may have. But iptables will merely be controlling access to the system it's running on, as opposed to through it. You would physically deploy the system online... like a port sniffer. You do not need iptables.<br></p><p>On the other hand, when using Suricata in inline mode with iptables, or more precisely <a href="https://home.regit.org/netfilter-en/using-nfqueue-and-libnetfilter_queue/">NFQUEUE</a>, you tell iptables to send the traffic to an NFQUEUE that Suricata is listening to, and Suricata then makes the decision, based on your IPS rule set, to deal with a packet appropriately. Effectively, the traffic flows from one end -- iptables -- Suricata -- the other end. You would physically deploy the system inline, like a firewall.<br></p><p>Actually, when inline you could regard the usage of iptables and iptables/Suricata as parallel, because you could get iptables to pass or block certain traffic and use iptables/Suricata to inspect the remainder.<br></p><p>Hope that helps.<br></p><p>Amar<br></p><p>On October 2, 2017 at 8:32 PM David Woodfall wrote:<br><br><br>I have been reading up about running Suricata inline with iptables. My<br>question is, what does the topology look like if it isn't running<br>inline? 
Is it running in parallel with iptables, or is it more<br>complex?<br><br>-Dave<br>_______________________________________________<br>Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>Site: <a href="http://suricata-ids.org" target="_blank" rel="noopener noreferrer">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank" rel="noopener noreferrer">http://suricata-ids.org/support/</a><br>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank" rel="noopener noreferrer">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br><br>Conference: <a href="https://suricon.net" target="_blank" rel="noopener noreferrer">https://suricon.net</a><br>Trainings: <a href="https://suricata-ids.org/training/" target="_blank" rel="noopener noreferrer">https://suricata-ids.org/training/</a></p><div class="io-ox-signature"><p>Kind regards<br></p><p>Amar Rathore</p><p>CounterSnipe Systems LLC <br>Tel: +1 617 701 7213 <br>Mobile: +44 (0) 7876 233333 <br>Skype ID: amarrathore <br>Web: <a href="http://www.countersnipe.com/">www.countersnipe.com</a></p></div></body></html>
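As an added example (not part of the thread, and not code from the Suricata project), here are the two deployments Amar describes expressed as a small POSIX shell script. In IDS mode Suricata is simply pointed at the mirror-port interface with af-packet and iptables plays no part; in inline mode the box forwards between two NICs, the FORWARD chain hands packets to an NFQUEUE that Suricata reads with `-q`, and a rule ahead of the queue lets iptables handle some traffic on its own, which is the "parallel" usage from the reply. The interface name, queue number 0 and the trusted subnet are assumptions; by default the script only prints the commands and executes them only when `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: generate (or, with APPLY=1, run) the commands for the two
# Suricata deployments discussed above. Queue number and trusted subnet are
# assumed placeholder values, not taken from the thread.

QUEUE_NUM="${QUEUE_NUM:-0}"               # NFQUEUE number Suricata listens on (assumed)
TRUSTED_NET="${TRUSTED_NET:-10.0.0.0/8}"  # traffic iptables passes without inspection (assumed)
SURICATA_CFG="/etc/suricata/suricata.yaml"

# Print a command; only execute it when APPLY=1 (so the script is a dry run by default).
run() {
  printf '%s\n' "$*"
  [ "${APPLY:-0}" = "1" ] && "$@"
  return 0
}

# IDS (online) mode: Suricata sniffs the SPAN/mirror port given as $1.
# No iptables rules are involved; packets are only observed, never forwarded.
ids_command() {
  printf 'suricata -c %s --af-packet=%s\n' "$SURICATA_CFG" "$1"
}

# IPS (inline) mode: the host forwards between two NICs. Traffic from the
# trusted subnet is passed by iptables alone; everything else in FORWARD is
# handed to NFQUEUE, where Suricata decides pass/drop per its IPS rule set.
# --queue-bypass makes iptables accept packets if no one is listening on the
# queue (for example while Suricata restarts) instead of silently dropping them.
inline_rules() {
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -A FORWARD -s "$TRUSTED_NET" -j ACCEPT
  run iptables -A FORWARD -j NFQUEUE --queue-num "$QUEUE_NUM" --queue-bypass
}

# The Suricata invocation that reads from the queue the rules above feed.
ips_command() {
  printf 'suricata -c %s -q %s\n' "$SURICATA_CFG" "$QUEUE_NUM"
}

# Usage: ./inline-vs-ids.sh ids eth1   or   ./inline-vs-ids.sh ips
case "${1:-}" in
  ids) ids_command "${2:-eth1}" ;;
  ips) inline_rules; ips_command ;;
esac
```

With `--queue-bypass` omitted, a stopped Suricata turns the inline box into a black hole, since the kernel drops every packet queued to a listener that is not there; whether fail-open or fail-closed is the right default depends on what the box protects.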