[Oisf-users] Inline Securita
Phil Daws
uxbod at splatnix.net
Mon Feb 10 18:09:57 UTC 2014
I see packets being passed to NFQUEUE:
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
6218 1632K NFQUEUE all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
but is there any way to see what Suricata is doing with them? I have it running in the foreground, but all it says is:
suricata -vvvvv -c /usr/local/etc/suricata/suricata.yaml -q 0
...
...
10/2/2014 -- 17:39:42 - <Notice> - all 5 packet processing threads, 3 management threads initialized, engine started.
Thanks.
----- Original Message -----
From: "Phil Daws" <uxbod at splatnix.net>
To: oisf-users at lists.openinfosecfoundation.org
Sent: Monday, 10 February, 2014 5:33:16 PM
Subject: [Oisf-users] Inline Securita
Hello all,
I am taking my first tiny steps in setting up Suricata on a home-brewed firewall. I have built Suricata and downloaded the ET sigs using PulledPork; I think!
Within my iptables configuration I have defined multiple chains for performing different actions, plus I have multiple interfaces defining networks, i.e.
eth0 -> public
eth1 -> dmz
eth2 -> internal
According to the documentation, IIRC, one would add the following:
iptables -I FORWARD -j NFQUEUE
As I have multiple networks and wish to protect the public-facing one, I presume I would use something like:
iptables -I FORWARD 1 -i eth0 -j NFQUEUE
so that any new inbound traffic would initially be sent to the NFQUEUE and, if clean, would be returned to the FORWARD queue for further processing. Does that make sense, please?
Thank you.
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/
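As an added example (not code from this thread or from the Suricata project), here is a small POSIX sh script that builds, and optionally applies, the FORWARD-chain rules for the three-interface firewall described in the original message, for both of Suricata's nfq modes. It assumes queue number 0 (matching the `suricata -q 0` invocation above), a repeat mark/mask of 1/1 (the values the `nfq:` section of suricata.yaml uses), and a `FAIL_OPEN` switch of my own naming. Two points it encodes that the post's presumption glosses over: in the default `accept` mode a packet that Suricata accepts leaves the FORWARD chain at the NFQUEUE rule and proceeds to the next netfilter hook, so rules placed after it are never evaluated for that packet (the `repeat` mode plus a mark match is what makes "returned to FORWARD for further processing" true), and queueing only `-i eth0` hands Suricata one half of every flow, so both directions of the public interface are queued.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or the Suricata project.
# Builds (and optionally applies) FORWARD-chain NFQUEUE rules that hand every
# packet entering or leaving the public interface to Suricata.
#
# Assumptions (not in the original post): queue number 0 (matches "suricata -q 0"),
# repeat mark/mask 1/1 (the values shown in the nfq: section of suricata.yaml),
# and a hypothetical FAIL_OPEN switch that adds --queue-bypass.

PUBLIC_IF=${PUBLIC_IF:-eth0}      # interface facing the Internet (eth0 in the post)
QUEUE_NUM=${QUEUE_NUM:-0}
REPEAT_MARK=${REPEAT_MARK:-1}
REPEAT_MASK=${REPEAT_MASK:-1}
FAIL_OPEN=${FAIL_OPEN:-no}        # yes: let traffic through when nothing is bound to the queue

# --queue-bypass makes the kernel ACCEPT queued packets when no process listens on
# the queue (Suricata stopped or crashed). Without it the kernel drops them: fail closed.
nfqueue_target() {
    if [ "$FAIL_OPEN" = yes ]; then
        printf 'NFQUEUE --queue-num %s --queue-bypass' "$QUEUE_NUM"
    else
        printf 'NFQUEUE --queue-num %s' "$QUEUE_NUM"
    fi
}

# Print, one per line, the iptables commands for the given Suricata nfq mode.
# Both directions of the public interface are queued so that Suricata's stream
# engine sees both halves of each flow; the rules go to the top of FORWARD.
build_forward_rules() {
    mode=$1
    target=$(nfqueue_target)
    case "$mode" in
        accept)
            # nfq mode "accept" (the default): a packet Suricata accepts leaves the
            # FORWARD chain at the NFQUEUE rule and goes on to the next hook, so
            # the rules that follow it in FORWARD never see that packet.
            printf 'iptables -I FORWARD 1 -i %s -j %s\n' "$PUBLIC_IF" "$target"
            printf 'iptables -I FORWARD 2 -o %s -j %s\n' "$PUBLIC_IF" "$target"
            ;;
        repeat)
            # nfq mode "repeat": Suricata sets REPEAT_MARK on an accepted packet and
            # re-injects it at the start of the chain. The mark match skips the
            # NFQUEUE rule on the second pass, so the rest of FORWARD is applied.
            printf 'iptables -I FORWARD 1 -i %s -m mark ! --mark %s/%s -j %s\n' \
                "$PUBLIC_IF" "$REPEAT_MARK" "$REPEAT_MASK" "$target"
            printf 'iptables -I FORWARD 2 -o %s -m mark ! --mark %s/%s -j %s\n' \
                "$PUBLIC_IF" "$REPEAT_MARK" "$REPEAT_MASK" "$target"
            ;;
        *)
            echo "usage: build_forward_rules accept|repeat" >&2
            return 1
            ;;
    esac
}

# Run the generated rules on this host (needs root and iptables).
apply_forward_rules() {
    command -v iptables >/dev/null 2>&1 || { echo "iptables not found" >&2; return 1; }
    build_forward_rules "$1" | while IFS= read -r rule; do
        echo "+ $rule"
        $rule || exit 1      # leave the pipeline subshell on the first failing rule
    done
}

# Usage: sh nfq-rules.sh show accept|repeat   or   sh nfq-rules.sh apply repeat
case "${1:-}" in
    show)  build_forward_rules "${2:-accept}" ;;
    apply) apply_forward_rules "${2:-accept}" ;;
esac
```

For `repeat` the matching suricata.yaml settings are `mode: repeat`, `repeat_mark: 1` and `repeat_mask: 1` under `nfq:`; with the default `accept` mode, any policy that must still apply to accepted traffic has to sit above the NFQUEUE rules or in a chain reached before FORWARD. To check that packets are flowing, compare the counters of both NFQUEUE rules in `iptables -L FORWARD -v -n` (the listing in the reply shows only the `-i eth0` rule) with Suricata's own output in its log directory (`-l`), where fast.log records alerts and stats.log records periodic per-thread counters.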