[Oisf-users] A question about using suricata as an IPS
Victor Julien
victor at inliniac.net
Fri Apr  1 15:07:43 UTC 2011

On 04/01/2011 05:04 PM, carlopmart wrote:
> On 04/01/2011 05:01 PM, Victor Julien wrote:
>> On 04/01/2011 05:00 PM, carlopmart wrote:
>>> On 04/01/2011 04:53 PM, Victor Julien wrote:
>>>> There is no need at all to pass an interface to Suricata in this case.
>>>> Suricata gets the packets from NFQueue 0 as told by "-q 0".
>>>>
>>>> Cheers,
>>>> Victor
>>>>
>>>
>>> Ok, but if I have several bridges in the same host, how can I configure
>>> Suricata or iptables then?
>>>
>>> Thanks.
>>
>> You need to set up your iptables NFQUEUE rules in such a way that all
>> traffic you want to pass to Suricata is covered. Suricata just inspects
>> what ends up on queue 0.
>>
> 
> Then, is this rule correct to pass only traffic from ipsif0?
> 
> iptables -i ipsif0 -A FORWARD -j NFQUEUE --queue-num 0
> 
I'd say:

iptables -A FORWARD -i ipsif0 -j NFQUEUE --queue-num 0
iptables -A FORWARD -o ipsif0 -j NFQUEUE --queue-num 0

Cheers,
Victor
-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
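
An added example, not part of the original thread or of Suricata: a shell check that every bridge interface has NFQUEUE rules in both directions on FORWARD, since traffic that never reaches the queue is never inspected. The second interface `ipsif1`, the function name `nfq_gaps` and the sample rule listing are assumptions constructed for illustration; on a live host the input would be the output of `iptables -S FORWARD`.

```shell
#!/bin/sh
# Added example: find interfaces whose forwarded traffic is not fully
# covered by NFQUEUE rules. Rules are read from stdin in `iptables -S` form.

# Constructed sample: ipsif0 is queued in both directions,
# ipsif1 (hypothetical second bridge) only for incoming traffic.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i ipsif0 -j NFQUEUE --queue-num 0
-A FORWARD -o ipsif0 -j NFQUEUE --queue-num 0
-A FORWARD -i ipsif1 -j NFQUEUE --queue-num 0'

# nfq_gaps QUEUE IFACE...
# Prints one "IFACE DIRECTION" line for every interface/direction pair that
# has no FORWARD rule jumping to NFQUEUE with the given queue number.
# The body runs in a subshell so its variables stay local.
nfq_gaps() (
    queue=$1
    shift
    rules=$(cat)
    for iface in "$@"; do
        for dir in -i -o; do
            # The trailing space after the interface name and the "( |$)"
            # after the queue number keep ipsif0 from matching ipsif01 and
            # queue 0 from matching queue 01.
            if ! printf '%s\n' "$rules" | grep -Eq -- \
                "^-A FORWARD( .*)? ${dir} ${iface} (.* )?-j NFQUEUE( .*)? --queue-num ${queue}( |\$)"
            then
                printf '%s %s\n' "$iface" "$dir"
            fi
        done
    done
)

# Report gaps for the constructed sample against queue 0 (Suricata's "-q 0").
printf '%s\n' "$SAMPLE_RULES" | nfq_gaps 0 ipsif0 ipsif1
```

The check only looks for the presence of matching rules; it does not model rule order, so an earlier terminating rule in FORWARD can still keep packets from reaching the NFQUEUE rule.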
    
    