[Oisf-users] A question about using suricata as an IPS

carlopmart carlopmart at gmail.com
Sun Apr 3 18:14:04 UTC 2011


On 04/02/2011 12:26 PM, Victor Julien wrote:
> On 04/01/2011 07:32 PM, carlopmart wrote:
>> Uhmm... It doesn't work. I have tried:
>>
>> a) iptables -i ipsif0 -A FORWARD -j NFQUEUE --queue-num 0
>> b) iptables -A FORWARD -i ipsif0 -j NFQUEUE --queue-num 0
>>      iptables -A FORWARD -o ipsif0 -j NFQUEUE --queue-num 0
>> c) iptables -A FORWARD -j NFQUEUE --queue-num 0
>
> Try looking at the output of "iptables -vnL". This lists the rules with
> hit counters; it should show you which rules receive traffic.
>
>> With these rules, suricata doesn't see traffic. If I change "-q 0" to
>> "-i ipsif0", suricata sees traffic.
>
> With -i you just run in IDS mode.
>
>> What am I doing wrong? Suricata is 1.1beta1.
>
> I suspect your iptables configuration isn't right.
>

Oops... I have made a mistake with my iptables rules. Sorry for the
noise.

Many thanks.

-- 
CL Martinez
carlopmart {at} gmail {d0t} com
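
The hit-counter check suggested in the quoted reply, as an added example that is not part of the original thread or of Suricata: it reads `iptables -vnL` output and reports which NFQUEUE rules have matched no packets. The sample listing and its counter values are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables -vnL` output (counters are made up).
sample_output() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 120 packets, 9000 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 5321 packets, 410K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 NFQUEUE    all  --  ipsif0 *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
 1842  139K NFQUEUE    all  --  *      ipsif0  0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0

Chain OUTPUT (policy ACCEPT 98 packets, 7200 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

# Read `iptables -vnL` output on stdin; print one line per NFQUEUE rule:
#   <chain> <in-if> <out-if> <pkts> <HIT|IDLE>
nfqueue_report() {
    awk '
        $1 == "Chain" { chain = $2; next }      # remember the current chain
        $3 == "NFQUEUE" {                       # rule line whose target is NFQUEUE
            state = ($1 == "0") ? "IDLE" : "HIT"
            print chain, $6, $7, $1, state
        }
    '
}

# Exit status 0 only if at least one NFQUEUE rule exists and none is idle.
nfqueue_all_hit() {
    nfqueue_report | awk '
        { n++ }
        $5 == "IDLE" { idle++ }
        END { exit ((n > 0 && idle == 0) ? 0 : 1) }
    '
}

# Live use (as root): iptables -vnL | nfqueue_report
sample_output | nfqueue_report
```

A rule that stays IDLE while traffic is being forwarded is not feeding the queue that Suricata reads with `-q 0`.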
