[Oisf-users] Help with setup Nftables and Suricata

Eric Leblond eric at regit.org
Thu Apr 16 15:49:53 UTC 2015


Hi,

Sorry, I'm a bit late.

On Sun, 2015-03-29 at 21:41 +0100, Duarte Silva wrote:
> Hi guys,
> 
> is there a way to filter traffic in the same machine where the SSL traffic has been 
> terminated?
> 
> Example: web server listening in port 443 for SSL connections acts as a 
> reverse proxy to other port in the same server. I want Suricata in the middle 
> to intercept that traffic (IPS mode).

You have a connection coming from the HTTPS server and going to the HTTP
server. So the HTTP server will receive packets in the input chain and
send packets via the output chain.

So you can use two rules:
 input -> iif lo tcp dport 80 nfqueue
 output -> oif lo tcp sport 80 nfqueue

BR,

> 
> Thanks for any help,
> Duarte
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Training now available: http://suricata-ids.org/training/

-- 
Eric Leblond <eric at regit.org>
Blog: https://home.regit.org/
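
The two rules from the reply above, written out as a loadable nftables ruleset and paired with Suricata in NFQ (inline) mode. This is an added example, not part of the original message; the table name `suricata_lo`, the `inet` family, queue number 0, the Suricata config path and the script layout are assumptions.

```shell
#!/bin/sh
# Added example: queue loopback traffic between a TLS-terminating proxy and
# its local HTTP backend so Suricata can inspect it in IPS mode.
# Assumed names: table "suricata_lo", queue 0, /etc/suricata/suricata.yaml.

# Print an nftables ruleset for one backend port.
# $1 = backend TCP port (80 in the post), $2 = NFQUEUE number Suricata binds to.
render_ruleset() {
    for v in "$1" "$2"; do
        case "$v" in
            ''|*[!0-9]*) echo "port and queue must be numeric" >&2; return 1 ;;
        esac
    done
    # No "bypass" flag is set: if nothing is bound to the queue, the kernel
    # drops the queued packets (fail closed) instead of letting them through.
    cat <<EOF
table inet suricata_lo {
    chain input {
        type filter hook input priority 0; policy accept;
        # proxy -> backend: requests arriving on loopback
        iif "lo" tcp dport $1 queue num $2
    }
    chain output {
        type filter hook output priority 0; policy accept;
        # backend -> proxy: responses leaving on loopback
        oif "lo" tcp sport $1 queue num $2
    }
}
EOF
}

# Load the rules and start Suricata on the same queue. Needs root, so it
# only runs when the script is invoked with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    render_ruleset 80 0 | nft -f - || exit 1
    exec suricata -c /etc/suricata/suricata.yaml -q 0
fi
```

Each direction is matched in only one hook, so a packet is queued once even though loopback traffic traverses both output and input. Suricata only blocks on rules whose action is `drop` or `reject`; `alert` rules still pass the packet.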


