[Oisf-users] Pass and Drop

Will Metcalf william.metcalf at gmail.com
Tue Jun 15 13:59:31 UTC 2010


> How does it work in that case? Will suricata let HOME_NET users access
> the server, and also check that no one tries nasty things to it (like
> sql injection for example)?

Pass rules are processed before other rules so if a pass rule is
matched then that packet will be allowed.  I'm not sure if I
understand you correctly but if you have a scenario where you have a
DMZ and internal/external users connected to the same fw, it may be
easier to split the traffic out to different NFQUEUE targets and fire
up multiple suricata processes one bound to each NFQUEUE target with
different rule sets.  Does this help?

Regards,

Will
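
Added example, not part of the original message: one way to lay out the split described above, with forwarded traffic to a DMZ server sent to two NFQUEUE targets by source and one Suricata process bound to each. The addresses, queue numbers, config file names, log directories and pid file paths are all assumptions made up for illustration.

```shell
#!/bin/sh
# Added example. Addresses, queue numbers and file paths are constructed.
HOME_NET="192.168.1.0/24"   # internal users (assumed)
DMZ_SRV="10.0.0.10"         # DMZ server (assumed)
Q_INT=1                     # queue inspected with the internal rule set
Q_EXT=2                     # queue inspected with the external rule set

# One Suricata process per queue, each with its own config file (and so
# its own rule files), log directory and pid file.
suricata_cmds() {
    for pair in "${Q_INT}:internal" "${Q_EXT}:external"; do
        q=${pair%%:*}
        name=${pair#*:}
        echo "suricata -c /etc/suricata/$name.yaml -q $q -l /var/log/suricata/$name -D --pidfile /var/run/suricata-$name.pid"
    done
}

# iptables rules. Both directions of a flow go to the same queue, otherwise
# the process bound to it sees only half of the stream.
nfq_rules() {
    cat <<EOF
iptables -A FORWARD -s $HOME_NET -d $DMZ_SRV -j NFQUEUE --queue-num $Q_INT
iptables -A FORWARD -s $DMZ_SRV -d $HOME_NET -j NFQUEUE --queue-num $Q_INT
iptables -A FORWARD ! -s $HOME_NET -d $DMZ_SRV -j NFQUEUE --queue-num $Q_EXT
iptables -A FORWARD -s $DMZ_SRV ! -d $HOME_NET -j NFQUEUE --queue-num $Q_EXT
EOF
}

# Dry run by default: print the commands. APPLY=1 executes them (needs root).
# Suricata is started first because packets sent to a queue that no process
# is bound to are dropped by the kernel.
if [ "${APPLY:-0}" = "1" ]; then
    { suricata_cmds; nfq_rules; } | sh -e
else
    suricata_cmds
    nfq_rules
fi
```

Each YAML file would list only the rule files meant for that traffic class, so a pass rule written for HOME_NET users never applies to external traffic.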


