[Oisf-users] Inline IPS and HTTP

Phil Daws uxbod at splatnix.net
Thu Apr 17 13:42:33 UTC 2014

resolved; was iptables rule order.

----- Original Message -----
To: oisf-users at lists.openinfosecfoundation.org
Sent: Thursday, 17 April, 2014 8:56:27 AM
Subject: [Oisf-users] Inline IPS and HTTP


not sure whether we are having an issue or not but Suricata never appears to trigger on any ET HTTP rules at all which is making me wonder if we have a configuration error.  On our firewall we are passing the traffic using:

-A FORWARD -i eth0 -o eth1 -j NFQUEUE
-A FORWARD -i eth1 -o eth0 -j NFQUEUE

and then in suricata.yaml we have:


  # Make the default policy windows.
  windows: []
  bsd: []
  bsd-right: []
  old-linux: []
  linux: [,, "8762:2352:6241:7245:E000:0000:0000:0000"]
  old-solaris: []
  solaris: ["::1"]
  hpux10: []
  hpux11: []
  irix: []
  macos: []
  vista: []
  windows2k3: []

have I missed anything ? Thank you.
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/

More information about the Oisf-users mailing list