[Oisf-users] A question about using suricata as an IPS
carlopmart
carlopmart at gmail.com
Fri Apr  1 15:04:45 UTC 2011

On 04/01/2011 05:01 PM, Victor Julien wrote:
> On 04/01/2011 05:00 PM, carlopmart wrote:
>> On 04/01/2011 04:53 PM, Victor Julien wrote:
>>> There is no need at all to pass an interface to Suricata in this case.
>>> Suricata gets the packets from NFQueue 0 as told by "-q 0".
>>>
>>> Cheers,
>>> Victor
>>>
>>
>> Ok, but if I have several bridges in the same host, how can I configure
>> Suricata or iptables then?
>>
>> Thanks.
>
> You need to set up your iptables NFQUEUE rules in such a way that all
> traffic you want to pass to Suricata is covered. Suricata just inspects
> what ends up on queue 0.
>
Then, is this rule correct to pass only traffic from ipsif0?
iptables -i ipsif0 -A FORWARD -j NFQUEUE --queue-num 0
-- 
CL Martinez
carlopmart {at} gmail {d0t} com
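
Added example (not part of the original message and not Suricata project code): a coverage check for the point quoted above, that Suricata only inspects what ends up on queue 0. It parses constructed `iptables -S FORWARD` output and lists the interfaces that have no NFQUEUE rule for that queue; `ipsif1`, `ipsif2` and the function name `uncovered_ifaces` are assumptions.

```shell
#!/bin/sh
# Constructed sample of `iptables -S FORWARD` output (not taken from the thread).
# ipsif0 is the interface named in the post; ipsif1 and ipsif2 are hypothetical.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i ipsif0 -j NFQUEUE --queue-num 0
-A FORWARD -i ipsif1 -j NFQUEUE --queue-num 1
-A FORWARD -i ipsif2 -j ACCEPT'

# uncovered_ifaces RULES QUEUE IFACE...
# Prints the interfaces whose inbound forwarded traffic is not sent to
# NFQUEUE number QUEUE by any rule, i.e. traffic Suricata would never see.
# Scope: plain "-i <iface>" rules only; rule order, negated matches ("! -i")
# and other match options are not evaluated.
uncovered_ifaces() {
    rules=$1; queue=$2; shift 2
    missing=""
    for ifc in "$@"; do
        if ! printf '%s\n' "$rules" | awk -v ifc="$ifc" -v q="$queue" '
            $1 == "-A" && $2 == "FORWARD" {
                in_if = ""; target = ""; num = "0"   # NFQUEUE defaults to queue 0
                for (i = 3; i <= NF; i++) {
                    if ($i == "-i") in_if = $(i + 1)
                    if ($i == "-j") target = $(i + 1)
                    if ($i == "--queue-num") num = $(i + 1)
                }
                # A rule without -i matches every interface.
                if (target == "NFQUEUE" && num == q && (in_if == "" || in_if == ifc))
                    found = 1
            }
            END { exit (found ? 0 : 1) }'
        then
            missing="$missing $ifc"
        fi
    done
    # Unquoted on purpose: collapses the leading space in the list.
    echo $missing
}

# With Suricata started as "-q 0", report which interfaces bypass inspection.
uncovered_ifaces "$SAMPLE_RULES" 0 ipsif0 ipsif1 ipsif2
```

On a live host the first argument would be the output of `iptables -S FORWARD` instead of the constructed sample.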