[Oisf-users] In-line

Anas.B a.bouhsaina at gmail.com
Fri Jul 2 14:50:04 UTC 2010


Hi Will,

I need documentation about how to set Suricata in-line.

Actually, I'm following this tutorial:
http://openmaniak.com/fr/inline_bridge.php
That's why I talked about "bridge mode".

You can run it in NAT mode, or on an end host

How? And what's the best way to run Suricata in-line?

This example is for which mode? (NAT, bridge, host!!!)
iptables -I INPUT -i lo -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -j NFQUEUE
iptables -I OUTPUT -p tcp --sport 80 -j NFQUEUE

Thanks,

Anas

2010/7/2 Will Metcalf <william.metcalf at gmail.com>

> > To run Suricata as IPS, we have to set it in-line as a bridge, with 2 or 3
> > interfaces,
> > am I wrong?
>
> You can run it in NAT mode, or on an end host by queuing traffic to
> your INPUT/OUTPUT chains.  For example if you wanted to inspect
> traffic going to a local web-server you can do something like
>
> iptables -I INPUT -i lo -j ACCEPT
> iptables -I INPUT -p tcp --dport 80 -j NFQUEUE
> iptables -I OUTPUT -p tcp --sport 80 -j NFQUEUE
>
>
> > I've configured it to start when the interface is up, and it is managed by
> > "network manager" in Ubuntu 10.4.
> > When I disconnect the interface, Suricata stops, and vice versa.
> >
> > But what should I do if I want to stop Suricata manually?
> You can always use something like "killall suricata".
>
> If you are scripting startup and shutdown of daemon mode use the
> --pidfile option
>
> suricata -c suricata.yaml -i wlan0 -l ./ -D --pidfile=/var/run/suricata.pid
>
> you can then do something like the following in a script
>
> kill `cat /var/run/suricata.pid`
>
> Regards,
>
> Will
>
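The end-host NFQUEUE setup and the pidfile-based stop from Will's reply, gathered into a small wrapper script. This is an added example, not code from the thread or from the Suricata project; the config and log paths, the port, and the `show`/`start`/`stop` sub-commands are assumptions, and the bridge/NAT variant on the FORWARD chain is an extension of the INPUT/OUTPUT rules quoted above.

```shell
#!/bin/sh
# Added example (not from the thread or the Suricata project): the end-host
# NFQUEUE rules and pidfile-based stop from Will's reply as shell functions.
# Paths and port are assumptions; a bare "-j NFQUEUE" target means queue 0.
SURICATA_CONF=${SURICATA_CONF:-/etc/suricata/suricata.yaml}   # assumed path
PIDFILE=${PIDFILE:-/var/run/suricata.pid}
LOGDIR=${LOGDIR:-/var/log/suricata}                           # assumed path
PORT=${PORT:-80}

# End-host mode (the thread's example): accept loopback, then hand the local
# service's inbound/outbound packets to NFQUEUE so Suricata can verdict them.
# Rules are printed, not applied, so they can be reviewed before use.
host_rules() {
    echo "iptables -I INPUT -i lo -j ACCEPT"
    echo "iptables -I INPUT -p tcp --dport $1 -j NFQUEUE"
    echo "iptables -I OUTPUT -p tcp --sport $1 -j NFQUEUE"
}

# Bridge/NAT box: the traffic of interest transits FORWARD, not INPUT/OUTPUT.
forward_rules() {
    echo "iptables -I FORWARD -p tcp --dport $1 -j NFQUEUE"
    echo "iptables -I FORWARD -p tcp --sport $1 -j NFQUEUE"
}

# Daemon mode reading NFQUEUE 0 (-q 0), writing a pidfile as in the thread.
start_suricata() {
    suricata -c "$SURICATA_CONF" -q 0 -l "$LOGDIR" -D --pidfile="$PIDFILE"
}

# Stop via the pidfile rather than "killall suricata": signal only the recorded
# pid, reject a missing or malformed file, and clear a stale one (process gone).
stop_suricata() {
    pidfile=$1
    [ -r "$pidfile" ] || { echo "no pidfile $pidfile" >&2; return 1; }
    pid=$(cat "$pidfile")
    case $pid in ''|*[!0-9]*) echo "malformed pidfile" >&2; return 1 ;; esac
    if kill -0 "$pid" 2>/dev/null; then
        kill "$pid"
        return 0
    fi
    echo "stale pidfile: pid $pid not running, removing" >&2
    rm -f "$pidfile"
    return 1
}

case ${1:-} in
    show)  host_rules "$PORT" ;;
    start) start_suricata ;;
    stop)  stop_suricata "$PIDFILE" ;;
esac
```

`./suricata-inline.sh show` prints the rules for review and `./suricata-inline.sh show | sh` applies them; `stop` exits non-zero when the pidfile is missing, malformed or stale, so a startup script can tell a clean shutdown from a crash that left the file behind.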