[Oisf-users] Suricata NFQ in PREROUTING chain
Pavel Stepanov
rif.nsk at gmail.com
Mon May 27 07:23:51 UTC 2019
Hi all!
I am testing IPS mode and discovered an issue:
Suricata cannot detect TLS and HTTP in the PREROUTING chain of the mangle table. In
the FORWARD chain everything works as expected.
But I want to use PREROUTING because I need Suricata's NFQ marks _before_
the routing decision in the kernel.
Basically, I want Suricata to detect the SNI in HTTPS connections, check
hostnames and redirect the connection to a transparent Squid proxy if the hostname
matches.
How can I do this? Maybe in af_packet mode, not only nfq.
----
Regards, Pavel.