[Oisf-users] Inline IPS with NFQUEUE, mysql server FIN packet got dropped
Andreas Herz
andi at geekosphere.org
Wed Mar 1 21:25:28 UTC 2017
On 27/02/17 at 15:58, zhao.li at verizon.com wrote:
> We're using Suricata as inline IPS in our environment with iptables NFQUEUE rule setup.
> At this point we do not have any rule with "drop" action, all of them are "alert" only.
>
> But we have seen an issue where a packet didn't make it from server to remote client even without "drop" action, to be specific:
Since the connection itself works I guess you made sure that all the
packets are going into the NFQUEUE?
Can you look into the stats.log? We have some cases within the code that
also drop packets. See
https://redmine.openinfosecfoundation.org/issues/1749
Also add some information like Suricata version etc.
--
Andreas Herz