[Oisf-users] Suricata 2.0.2 and NFLOG
Phil Daws
uxbod at splatnix.net
Fri Jun 27 13:55:08 UTC 2014
Hello:
I see that in the latest version it now supports NFLOG but am a little unsure of how one actually uses it. Currently my lab firewall, in-line mode, uses rules like:
-A FORWARD -i eth0 -o eth1 -m mark ! --mark 0x1/0x1 -j NFQUEUE
If switching to NFLOG then would I use:
-A FORWARD -d 192.168.1.10 -m multiport -m tcp -p tcp --dports 25,80 -j NFLOG --nflog-group 2
-A FORWARD -d 192.168.1.10 -m multiport -m tcp -p tcp --dports 25,80 -j ACCEPT
so that it would only inspect a packet we are actually going to allow through? Does Suricata still need to be in 'repeat' mode as it does for NFQ?
Thanks, Phil