[Oisf-users] Inline IPS and HTTP
Phil Daws
uxbod at splatnix.net
Thu Apr 17 13:42:33 UTC 2014
resolved; was iptables rule order.
----- Original Message -----
To: oisf-users at lists.openinfosecfoundation.org
Sent: Thursday, 17 April, 2014 8:56:27 AM
Subject: [Oisf-users] Inline IPS and HTTP
Hello,
Not sure whether we are having an issue or not, but Suricata never appears to trigger on any ET HTTP rules at all, which is making me wonder if we have a configuration error. On our firewall we are passing the traffic using:
-A FORWARD -i eth0 -o eth1 -j NFQUEUE
-A FORWARD -i eth1 -o eth0 -j NFQUEUE
and then in suricata.yaml we have:
HTTP_SERVERS: "[172.30.8.20/32]"
host-os-policy:
  # Make the default policy windows.
  windows: [0.0.0.0/0]
  bsd: []
  bsd-right: []
  old-linux: []
  linux: [10.0.0.0/8, 172.30.0.0/16, "8762:2352:6241:7245:E000:0000:0000:0000"]
  old-solaris: []
  solaris: ["::1"]
  hpux10: []
  hpux11: []
  irix: []
  macos: []
  vista: []
  windows2k3: []
Have I missed anything? Thank you.
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/
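
The reply above attributes the missing alerts to iptables rule order. As an added example (not from the original thread), this Python check reads `iptables -S FORWARD` output and reports terminating rules placed ahead of the NFQUEUE rules, which is one common form of ordering problem because iptables stops at the first matching terminating rule. The sample rulesets, including the conntrack ACCEPT rule, are constructed, and the function names are hypothetical.

```python
import shlex

# Targets that end chain traversal for a matching packet before NFQUEUE is reached.
TERMINATING = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample in `iptables -S FORWARD` format: a conntrack ACCEPT
# sits ahead of the two NFQUEUE rules quoted in the post.
SAMPLE_BAD = """\
-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j NFQUEUE
-A FORWARD -i eth1 -o eth0 -j NFQUEUE
"""

# Constructed sample with the NFQUEUE rules evaluated first.
SAMPLE_GOOD = """\
-P FORWARD DROP
-A FORWARD -i eth0 -o eth1 -j NFQUEUE
-A FORWARD -i eth1 -o eth0 -j NFQUEUE
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
"""

def parse_rules(text, chain="FORWARD"):
    """Return [(position, target, rule_text)] for the -A rules of one chain."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue  # skip policy (-P) lines, blanks and other chains
        target = tok[tok.index("-j") + 1] if "-j" in tok[:-1] else None
        rules.append((len(rules) + 1, target, line.strip()))
    return rules

def rules_shadowing_nfqueue(text, chain="FORWARD"):
    """List terminating rules that are evaluated before the last NFQUEUE rule."""
    rules = parse_rules(text, chain)
    queue_pos = [pos for pos, target, _ in rules if target == "NFQUEUE"]
    if not queue_pos:
        return []
    return [(pos, rule) for pos, target, rule in rules
            if pos < max(queue_pos) and target in TERMINATING]

if __name__ == "__main__":
    for pos, rule in rules_shadowing_nfqueue(SAMPLE_BAD):
        print(f"rule {pos} is evaluated before NFQUEUE: {rule}")
```

A reported rule only matters if its match covers the traffic Suricata is expected to inspect. To check a live firewall, pass the function the real output of `iptables -S FORWARD`.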