[Oisf-users] simple question for bridging IPS (inline)
Will Metcalf
william.metcalf at gmail.com
Thu Jul 22 16:51:36 UTC 2010
You need to use NFQUEUE. Actually if you just want to filter traffic
moving across the bridge it all moves through the FORWARD chain. The
INPUT/OUTPUT chains will filter traffic in/out of the local ip stack
i.e. the management interface etc. So in summary, I think all you
really need to start is...
iptables -A FORWARD -j NFQUEUE --queue-num 0
Regards,
Will
On Thu, Jul 22, 2010 at 11:28 AM, Morgan Cox <morgancoxuk at gmail.com> wrote:
> Hi.
>
> I am setting up a bridging IPS.
>
> I have one simple question.
>
> I want to allow all traffic through the bridge - but get suricata to 'check'
> traffic.
>
> Actually I have 2 questions:-
>
> 1. Do I need to use NFQUEUE or can I just use QUEUE for iptables?
>
> 2.
>
> Are these acceptable rules (for allowing all traffic)?
>
> iptables -A FORWARD -j QUEUE
> iptables -A INPUT -j QUEUE
> iptables -A OUTPUT -j QUEUE
>
>
> Or should I use
>
> iptables -A INPUT -j NFQUEUE --queue-num 0
> iptables -A FORWARD -j NFQUEUE --queue-num 0
> iptables -A OUTPUT -j NFQUEUE --queue-num 0
>
> cheers
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
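Added example, not part of the list thread: a small POSIX shell script that emits the minimal rule set the reply describes (hook FORWARD only, via NFQUEUE) for a bridge IPS, plus two checks you can run over the output of `iptables -S` to confirm that only FORWARD is queued. Assumed names and options: bridge interface `br0`, queue number 0 (Suricata started with `suricata -q 0`), the `br_netfilter` module and `bridge-nf-call-iptables` sysctl, and `--queue-bypass`, which needs an iptables newer than the 2010 post.

```shell
#!/bin/sh
# Added example, not from the list post. Only FORWARD is hooked, as the reply
# says; INPUT/OUTPUT are left alone so management traffic to the box itself is
# never stalled if Suricata stops. Assumed: bridge "br0", queue 0.

# Print the commands rather than running them, so the set can be reviewed.
build_rules() {
    queue="$1"
    bridge="$2"
    # Bridged frames only traverse iptables when bridge netfilter is enabled
    # (a loadable module on current kernels, plus the sysctl on all of them).
    echo "modprobe br_netfilter"
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
    # Queue everything crossing the bridge to userspace. --queue-bypass
    # (iptables >= 1.4.11) accepts packets when nothing is bound to the queue,
    # i.e. fail-open; leave it off if you want the bridge to fail closed.
    echo "iptables -A FORWARD -i $bridge -j NFQUEUE --queue-num $queue --queue-bypass"
}

# Given the text of "iptables -S FORWARD", return 0 if some rule sends
# forwarded traffic to the expected NFQUEUE number, 1 otherwise.
has_nfqueue_rule() {
    queue="$1"
    printf '%s\n' "$2" | grep -qE -- "-A FORWARD .*-j NFQUEUE --queue-num $queue( |$)"
}

# List the chains that carry an NFQUEUE target (space separated, sorted).
# Anything beyond "FORWARD" means INPUT/OUTPUT were queued too, which the
# reply says is unnecessary for bridged traffic.
queued_chains() {
    printf '%s\n' "$1" | grep -- '-j NFQUEUE' | awk '{print $2}' \
        | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Apply only when explicitly asked (APPLY=1); the default is a dry run.
if [ "${APPLY:-0}" = "1" ]; then
    build_rules "${QUEUE:-0}" "${BRIDGE:-br0}" | sh -e
else
    build_rules "${QUEUE:-0}" "${BRIDGE:-br0}"
fi
```

Run `iptables -S | sh -c 'queued_chains "$(cat)"'` style checks after sourcing the script, or simply `APPLY=1 sh bridge-ips.sh` once the dry-run output looks right.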