[Oisf-users] A question about using suricata as an IPS
Victor Julien
victor at inliniac.net
Sat Apr 2 10:26:00 UTC 2011
On 04/01/2011 07:32 PM, carlopmart wrote:
> Uhmm... It doesn't work. I have tried:
>
> a) iptables -i ipsif0 -A FORWARD -j NFQUEUE --queue-num 0
> b) iptables -A FORWARD -i ipsif0 -j NFQUEUE --queue-num 0
> iptables -A FORWARD -o ipsif0 -j NFQUEUE --queue-num 0
> c) iptables -A FORWARD -j NFQUEUE --queue-num 0
Try looking at the output of "iptables -vnL". This lists the rules with
hit counters; it should show you what rules receive traffic.
> With these rules, suricata doesn't see traffic. If I change "-q 0" to
> "-i ipsif0", suricata sees traffic.
With -i you just run in IDS mode.
> What am I doing wrong?? Suricata is 1.1beta1.
I suspect your iptables configuration isn't right.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
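The counter check suggested in the reply above, as an added example that is not part of the original message: a shell function that reads "iptables -vnL" output and reports, for each NFQUEUE rule, whether it has matched any packets. The sample listing is constructed, and the function names nfqueue_hits and sample_output are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `iptables -vnL` output on stdin and prints one line per NFQUEUE rule:
# chain, in/out interface, queue number, packet counter, and HIT or NO-TRAFFIC.
nfqueue_hits() {
    awk '
        # "Chain FORWARD (policy ...)" starts a new chain section
        $1 == "Chain" { chain = $2; next }
        # Rule lines: pkts bytes target prot opt in out source destination ...
        $3 == "NFQUEUE" {
            q = "?"
            # The queue number follows the word "num" in the rule options
            for (i = 1; i < NF; i++) if ($i == "num") q = $(i + 1)
            # A counter of exactly 0 means no packet ever matched this rule
            state = ($1 == "0") ? "NO-TRAFFIC" : "HIT"
            printf "%s in=%s out=%s queue=%s pkts=%s %s\n", chain, $6, $7, q, $1, state
        }
    '
}

# Constructed sample of `iptables -vnL` output (not captured from a real host).
sample_output() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 120 packets, 9800 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 NFQUEUE    all  --  ipsif0 *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
  412   35K NFQUEUE    all  --  *      ipsif0  0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
EOF
}

sample_output | nfqueue_hits
```

On a live system, pipe the real listing in with `iptables -vnL | nfqueue_hits`. A rule reported as NO-TRAFFIC never receives packets, so a Suricata instance started with "-q" on that queue has nothing to inspect.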