[Oisf-users] Fwd: Suricata - test rule ignored/not dropping.

Anas.B a.bouhsaina at gmail.com
Tue Jul 27 09:11:11 UTC 2010


Yes,

I'm connected from my host, which gets its connection from the bridge!

Is there any other configuration that I should add?

A..

2010/7/27 Victor Julien <victor at inliniac.net>

> Anas.B wrote:
>
> > Good morning,
> >
> > This is my case :
> >
> > Bridging is successful, since I have a net connection on my host
> >
> > ---Net-Router(172.20.81.1)-----<- Bridge (suricata in computer (with 2
> > cards) ->------ my host (172.20.81.101)
> >
> > br0 eth1 eth0
> > *But* when I tried this rule:
> >
> > drop tcp 172.20.81.101 any -> any any (content:"facebook"; msg:"Attention, Facebook !!!"; sid:1000002; rev:1;)
> > or:
> > drop tcp any any -> any any (content:"facebook"; msg:"Attention, Facebook !!!"; sid:1000002; rev:1;)
> >
> >
> > I just have an alert, but I can enter Facebook...!!!
>
> I suspect something is wrong with your bridge because with that last
> rule it drops access to facebook just fine here.
>
> Cheers,
> Victor
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
>