[Oisf-users] In-line
Will Metcalf
william.metcalf at gmail.com
Fri Jul 2 15:33:08 UTC 2010
On Fri, Jul 2, 2010 at 9:50 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
> Hi will,
>
> I need documentation about how to set suricata in-line
http://www.inliniac.net/blog/2010/05/01/compiling-suricata-0-8-2-in-ubuntu-lucid-10-04-in-ips-inline-mode.html
Anything moving across the bridge that isn't traffic bound for the
host itself moves through the forward chain, so if you wanted to send
all traffic moving across the bridge to suricata you would create a
rule like
iptables -A FORWARD -j NFQUEUE
> Actually, i'm following this tuto :
> http://openmaniak.com/fr/inline_bridge.php
> that's why i talked about "bridge mode",
>
> You can run it in NAT mode, or on an end host
>
> How ? and what's the best to run Suricata in-line ?
Just depends on what works best for your environment.
> This example is for which mode ? (Nat,bridge,host !!!)
> iptables -I INPUT -i lo -j ACCEPT
> iptables -I INPUT -p tcp --dport 80 -j NFQUEUE
> iptables -I OUTPUT -p tcp --sport 80 -j NFQUEUE
This example would be for a host, say, running a webserver on port 80.
Regards,
Will
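
The two setups discussed in this thread, as an added example that is not part of the original message or of the Suricata project: a shell function that prints (does not apply) the NFQUEUE rules for bridge or host mode, plus a check that bridged traffic reaches iptables at all. The function names, the queue-number and "bypass" arguments, and the sysctl check are assumptions of this example.

```sh
#!/bin/sh
# Added example. Prints rules for review; pipe the output to `sh` as root to apply.
# Usage: nfqueue_rules bridge|host [queue-num] [port] [bypass]
# Suricata must listen on the same queue number, e.g. `suricata -q 0`.

nfqueue_rules() {
    mode=$1; queue=${2:-0}; port=${3:-80}; bypass=${4:-}
    case $queue$port in
        ''|*[!0-9]*) echo "queue and port must be numeric" >&2; return 2 ;;
    esac
    target="-j NFQUEUE --queue-num $queue"
    # With no program bound to the queue, the kernel drops queued packets
    # (fail-closed). --queue-bypass lets them pass instead (fail-open), which
    # keeps the network up but leaves traffic uninspected while the IPS is down.
    if [ "$bypass" = "bypass" ]; then
        target="$target --queue-bypass"
    fi
    case $mode in
        bridge)
            # Traffic crossing the bridge (not bound for the host) is in FORWARD.
            echo "iptables -A FORWARD $target"
            ;;
        host)
            # Traffic to and from a local service, same order as in the thread.
            echo "iptables -I INPUT -i lo -j ACCEPT"
            echo "iptables -I INPUT -p tcp --dport $port $target"
            echo "iptables -I OUTPUT -p tcp --sport $port $target"
            ;;
        *)
            echo "usage: nfqueue_rules bridge|host [queue] [port] [bypass]" >&2
            return 2
            ;;
    esac
}

# Bridged frames only traverse the iptables FORWARD chain when the
# bridge-nf-call-iptables sysctl is 1. Returns 0 if it is, non-zero otherwise.
# The path argument exists only so the check can be exercised on a test file.
bridge_hook_enabled() {
    f=${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}
```

If `bridge_hook_enabled` fails on a bridge host, the FORWARD rule matches nothing and traffic crosses the bridge without ever reaching Suricata.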