[Oisf-users] nfq_set_mark question

kay kay.diam at gmail.com
Wed Jul 11 11:38:42 UTC 2012


Dear Eric,

I read your articles several times
(https://home.regit.org/2011/04/some-new-features-of-ips-mode-in-suricata-1-1beta2/,
http://home.regit.org/?page_id=7) but still cannot understand how to
mark packets matched by some rule.

What I need to achieve is just to mark a packet (i.e. with a 0x80 mark) which
contains the word "TEST", and it should be visible in "iptables -nvL" with the
"iptables -A INPUT -p tcp -m mark --mark 0x80/0x80 -m tcp --sport 80
-j ACCEPT" rule. How should I configure Suricata and what rule should
I use? My previous configs don't work.

I do look forward to your help.

2012/7/10 kay <kay.diam at gmail.com>:
> Hey guys, can anybody advise me?
>
> 2012/7/9 kay <kay.diam at gmail.com>:
>> I've just installed Suricata 1.3, but still cannot detect marked
>> packets with Suricata. I was able to mark all the packets using
>> "repeat" mode but this makes no sense. I need to mark only "bad"
>> traffic and send it to the firewall once again.


