[Oisf-devel] [PATCH 0/3] Add set_mark option

Nick Rogness oisf at rogness.net
Tue Mar 8 19:11:45 UTC 2011


On Mon, Mar 7, 2011 at 2:18 PM, Eric Leblond <eric at regit.org> wrote:
>
>> I wonder if we should name it something like
>> nfq_set_mark? It's specific to NFQ. I don't think we can translate it to
>> IPFW for example... What do you think?
>
> You're right. I don't think this is possible on *BSD. I will modify the
> option name before resending the patch.
>

FreeBSD's IPFW has a similar option called tag, but the kernel strips
this tag when sending to suricata on the divert socket.

However, there are several other things in the IPFW firewall which could
be set based on a specific suricata rule match, i.e. which IPFW rule to
reinsert the packet at, etc.

Nick
