[Oisf-users] A question about using suricata as an IPS

carlopmart carlopmart at gmail.com
Fri Apr 1 15:13:56 UTC 2011


On 04/01/2011 05:07 PM, Victor Julien wrote:
> On 04/01/2011 05:04 PM, carlopmart wrote:
>> On 04/01/2011 05:01 PM, Victor Julien wrote:
>>> On 04/01/2011 05:00 PM, carlopmart wrote:
>>>> On 04/01/2011 04:53 PM, Victor Julien wrote:
>>>>> There is no need at all to pass an interface to Suricata in this case.
>>>>> Suricata gets the packets from NFQueue 0 as told by "-q 0".
>>>>>
>>>>> Cheers,
>>>>> Victor
>>>>>
>>>>
>>>> OK, but if I have several bridges in the same host, how can I configure
>>>> suricata or iptables then?
>>>>
>>>> Thanks.
>>>
>>> You need to set up your iptables NFQUEUE rules in such a way that all
>>> traffic you want to pass to Suricata is covered. Suricata just inspects
>>> what ends up on queue 0.
>>>
>>
>> Then, is this rule correct to pass only traffic from ipsif0?
>>
>> iptables -i ipsif0 -A FORWARD -j NFQUEUE --queue-num 0
>>
>
> I'd say:
>
> iptables -A FORWARD -i ipsif0 -j NFQUEUE --queue-num 0
> iptables -A FORWARD -o ipsif0 -j NFQUEUE --queue-num 0
>
> Cheers,
> Victor


Oops... Many thanks, Victor.


-- 
CL Martinez
carlopmart {at} gmail {d0t} com
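
Victor's two rules generalized to the several-bridges case asked about above, as an added example that is not part of the original thread: every listed interface gets an inbound and an outbound FORWARD rule pointing at the same queue, so one Suricata started with "-q 0" inspects all of them. The function name nfqueue_rules and the interface br-dmz are assumptions made for illustration; the script only prints the rules.

```shell
#!/bin/sh
# Added example: print (do not apply) NFQUEUE rules for several bridges.
# br-dmz is a constructed placeholder interface name.

# nfqueue_rules QUEUE IFACE...
# Emits one FORWARD rule per direction per interface, all to one queue.
nfqueue_rules() {
    queue=$1
    shift
    # Queue numbers are 16-bit: digits only, at most 5 of them, <= 65535.
    case $queue in
        ''|*[!0-9]*|??????*) echo "invalid queue: $queue" >&2; return 1 ;;
    esac
    if [ "$queue" -gt 65535 ]; then
        echo "queue out of range: $queue" >&2; return 1
    fi
    [ "$#" -gt 0 ] || { echo "no interfaces given" >&2; return 1; }

    # Validate every name first so a bad name yields no partial rule set.
    for ifc in "$@"; do
        case $ifc in
            ''|-*|*[!A-Za-z0-9_.-]*)
                echo "invalid interface: $ifc" >&2; return 1 ;;
        esac
        # Linux interface names are at most 15 characters long.
        [ "${#ifc}" -le 15 ] || { echo "name too long: $ifc" >&2; return 1; }
    done

    for ifc in "$@"; do
        echo "iptables -A FORWARD -i $ifc -j NFQUEUE --queue-num $queue"
        echo "iptables -A FORWARD -o $ifc -j NFQUEUE --queue-num $queue"
    done
}

# Dry run: review the output, then pipe it to "sh" as root to apply.
nfqueue_rules 0 ipsif0 br-dmz
```

Traffic on any bridge that is not listed never reaches the queue, so it is forwarded without inspection.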


