[Oisf-users] IPS
Victor Julien
victor at inliniac.net
Wed Jun 9 13:16:44 UTC 2010
In that case you'd need:
iptables -A OUTPUT -p tcp --dport 80 -j NFQUEUE
iptables -A INPUT -p tcp --sport 80 -j NFQUEUE
This would send outgoing http traffic (the vm browsing the web) to Suricata.
Cheers,
Victor
Anas.B wrote:
> No, I'm just trying this in a local Virtual Machine (Ubuntu).
>
> Since there is not much documentation, I'm a little lost.
>
> Thanks a lot
>
>
> 2010/6/9 Victor Julien <victor at inliniac.net>
>
> Did you add the appropriate iptables rules?
>
> For example for getting port 80 to suricata:
>
> iptables -A FORWARD -p tcp --dport 80 -j NFQUEUE
>
> Cheers,
> Victor
>
> Anas.B wrote:
> >
> > Hello,
> >
> > I've just tested a nmap,
> >
> > I noticed more unified files
> > and alerts in the file fast.log
> > new values in alert-debug.log and stats.log
> >
> > that means it works !!
> >
> > But with the command ==> *# suricata -c /etc/suricata/suricata.yaml -q 0*
> >
> > I have no logs,
> > any suggestions
> >
> > thanks :)
> >
> >
> >
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
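
Added example, not part of the original thread: a check for the situation discussed above, where Suricata runs with -q 0 but sees no packets because the NFQUEUE rule sits in a chain the traffic never crosses. The nfq_check helper and its host/gateway mode names are hypothetical, and the sample rule listings are constructed.

```shell
# Constructed `iptables -S` samples (not captured from a real system).
SAMPLE_FORWARD_ONLY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j NFQUEUE --queue-num 0'
SAMPLE_HOST='-A OUTPUT -p tcp -m tcp --dport 80 -j NFQUEUE --queue-num 0
-A INPUT -p tcp -m tcp --sport 80 -j NFQUEUE --queue-num 0'

# nfq_check MODE QUEUE   (hypothetical helper; reads `iptables -S` on stdin)
#   MODE  host    = traffic starts/ends on this machine -> OUTPUT and INPUT
#         gateway = traffic is routed through it        -> FORWARD
#   QUEUE the number passed to `suricata -q`
# Returns 0 only if every chain on the traffic path feeds QUEUE.
nfq_check() {
    mode=$1 queue=$2
    case $mode in
        host)    need="OUTPUT INPUT" ;;
        gateway) need="FORWARD" ;;
        *) echo "usage: nfq_check host|gateway QUEUE" >&2; return 2 ;;
    esac
    awk -v need="$need" -v q="$queue" -v mode="$mode" '
        $1 == "-A" && /-j NFQUEUE/ {
            n = 0                      # NFQUEUE uses queue 0 by default
            for (i = 1; i < NF; i++) if ($i == "--queue-num") n = $(i + 1)
            seen[$2] = 1
            if (n + 0 == q + 0) ok[$2] = 1
        }
        END {
            bad = 0
            cnt = split(need, want, " ")
            for (k = 1; k <= cnt; k++) {
                c = want[k]
                if (c in ok)        print "ok: " c " feeds queue " q
                else if (c in seen) { print "mismatch: " c " feeds a queue other than " q; bad = 1 }
                else                { print "missing: no NFQUEUE rule in " c; bad = 1 }
            }
            for (c in seen) if (index(" " need " ", " " c " ") == 0)
                print "unused: NFQUEUE rule in " c " is off the " mode " path"
            exit bad
        }'
}

# The first reply's FORWARD rule on a machine that browses the web itself:
printf '%s\n' "$SAMPLE_FORWARD_ONLY" | nfq_check host 0 || true
# On a live system: iptables -S | nfq_check host 0
```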