[Oisf-users] Inline IPS and HTTP

Phil Daws uxbod at splatnix.net
Thu Apr 17 07:56:27 UTC 2014


not sure whether we are having an issue or not but Suricata never appears to trigger on any ET HTTP rules at all which is making me wonder if we have a configuration error.  On our firewall we are passing the traffic using:

-A FORWARD -i eth0 -o eth1 -j NFQUEUE
-A FORWARD -i eth1 -o eth0 -j NFQUEUE

and then in suricata.yaml we have:


  # Make the default policy windows.
  windows: []
  bsd: []
  bsd-right: []
  old-linux: []
  linux: [,, "8762:2352:6241:7245:E000:0000:0000:0000"]
  old-solaris: []
  solaris: ["::1"]
  hpux10: []
  hpux11: []
  irix: []
  macos: []
  vista: []
  windows2k3: []

have I missed anything ? Thank you.

More information about the Oisf-users mailing list