[Oisf-users] fail2ban integration
David Wharton
oisf at davidwharton.us
Mon May 6 02:41:12 UTC 2019
On 5/4/19 7:15 AM, Marios Spinthiras wrote:
> I've had a number of deployments recently which restricted the use of
> NFQUEUE for IPS. I did however want IPS capabilities but didn't want
> to change from AF_PACKET.
Why not run AF_PACKET inline? It has been an option for more than six
years; see
https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/. I
haven't messed around with it much but I did set it up not too long ago
and it seemed to work fine.
-David
More information about the Oisf-users
mailing list