[Oisf-users] Suricata 2.0.2 and NFLOG

Phil Daws uxbod at splatnix.net
Fri Jun 27 13:55:08 UTC 2014


I see that in the latest version it now supports NFLOG but am a little unsure of how one actually uses it.  Currently my lab firewall, in-line mode, uses rules like:

-A FORWARD -i eth0 -o eth1 -m mark ! --mark 0x1/0x1 -j NFQUEUE

if switching to NFLOG then would I use:

-A FORWARD -d -m multiport -m tcp -p tcp --dports 25,80 -j NFLOG --nflog-group 2
-A FORWARD -d -m multiport -m tcp -p tcp --dports 25,80 -j ACCEPT

so that it would only inspect a packet we are actually going to allow through? Does Suricata still need to be in 'repeat' mode as it does for NFQ?

Thanks, Phil
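The difference the question turns on is that NFQUEUE is a terminating target that hands the packet to userspace for a verdict (so a DROP from Suricata actually drops it, and in repeat mode the packet re-enters the chain with a mark, which is why the rule carries `-m mark ! --mark 0x1/0x1`), whereas NFLOG is non-terminating: the kernel sends a copy to the netlink group and traversal continues, so Suricata only ever sees a copy and can neither drop nor re-inject it. The following is an added illustration, not code from Suricata, netfilter or the original post: a small Python model of chain traversal with the two rulesets from the mail. Packet fields, the mark value and the trailing ACCEPT in the NFQUEUE chain are constructed for the example.

```python
"""Simplified model of iptables chain traversal contrasting NFQUEUE (inline,
terminating, verdict from userspace) with NFLOG (non-terminating copy).
Added illustration only; packets, rules and mark values are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

REPEAT_MARK = 0x1   # constructed: mark an inline Suricata sets before NF_REPEAT


@dataclass
class Packet:
    dport: int
    mark: int = 0


@dataclass
class Rule:
    target: str                       # "NFQUEUE", "NFLOG", "ACCEPT" or "DROP"
    dports: Tuple[int, ...] = ()      # () means "any port" (-m multiport --dports)
    not_mark: Optional[int] = None    # -m mark ! --mark X/X
    group: Optional[int] = None       # --queue-num / --nflog-group

    def matches(self, pkt: Packet) -> bool:
        if self.dports and pkt.dport not in self.dports:
            return False
        if self.not_mark is not None and (pkt.mark & self.not_mark):
            return False
        return True


def traverse(chain: List[Rule], pkt: Packet, ips_verdict: str = "ACCEPT",
             repeat: bool = True, policy: str = "DROP"):
    """Walk the chain for one packet.

    ips_verdict is what the inline engine would answer on an NFQUEUE hand-off.
    Returns (final verdict, list of userspace deliveries as (kind, group, dport)).
    """
    deliveries = []
    reinjections = 0
    i = 0
    while i < len(chain):
        rule = chain[i]
        if not rule.matches(pkt):
            i += 1
            continue
        if rule.target == "NFLOG":
            # A copy goes to the netlink group; the original keeps traversing.
            deliveries.append(("nflog", rule.group, pkt.dport))
            i += 1
            continue
        if rule.target == "NFQUEUE":
            deliveries.append(("nfqueue", rule.group, pkt.dport))
            if ips_verdict == "DROP":
                return "DROP", deliveries          # inline engine can block
            if repeat:
                # NF_REPEAT: packet is marked and re-enters the chain from the
                # top, so the NFQUEUE rule must exclude marked packets or loop.
                pkt.mark |= REPEAT_MARK
                reinjections += 1
                if reinjections > 10:
                    raise RuntimeError("NFQUEUE repeat loop: rule lacks mark match")
                i = 0
                continue
            return "ACCEPT", deliveries            # NF_ACCEPT ends traversal
        return rule.target, deliveries             # ACCEPT / DROP terminate
    return policy, deliveries                      # chain policy


def nfqueue_chain(with_mark_match: bool = True) -> List[Rule]:
    """-A FORWARD -m mark ! --mark 0x1/0x1 -j NFQUEUE  (+ constructed ACCEPT)"""
    nm = REPEAT_MARK if with_mark_match else None
    return [Rule("NFQUEUE", not_mark=nm, group=0), Rule("ACCEPT")]


def nflog_chain() -> List[Rule]:
    """-A FORWARD -p tcp -m multiport --dports 25,80 -j NFLOG --nflog-group 2
       -A FORWARD -p tcp -m multiport --dports 25,80 -j ACCEPT"""
    return [Rule("NFLOG", dports=(25, 80), group=2),
            Rule("ACCEPT", dports=(25, 80))]


if __name__ == "__main__":
    print("NFQUEUE, engine says DROP:", traverse(nfqueue_chain(), Packet(80), "DROP"))
    print("NFLOG,   engine says DROP:", traverse(nflog_chain(), Packet(80), "DROP"))
    print("NFLOG,   port not allowed:", traverse(nflog_chain(), Packet(443)))
```

Running the model against the two rulesets shows the practical consequences: with NFLOG a port 443 packet is dropped by policy and never copied to group 2 (exactly the "only inspect what we allow" effect), the mark match is unnecessary because nothing is re-injected, but a DROP decision from the engine has no effect, so this is IDS, not IPS. On the Suricata side the `--nflog-group` number has to match a `group:` entry under the `nflog:` section of suricata.yaml when starting with `--nflog` (the default config shows group 2 with a comment that group 0 is used by the kernel).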
