[Oisf-users] Help with setup Nftables and Suricata
Duarte Silva
duarte.silva at serializing.me
Thu Apr 16 15:58:15 UTC 2015
On Thursday 16 April 2015 17:49:53 Eric Leblond wrote:
> Hi,
>
> Sorry, I'm a bit late.
>
> On Sun, 2015-03-29 at 21:41 +0100, Duarte Silva wrote:
> > Hi guys,
> >
> > is there a way to filter traffic in the same machine where the SSL traffic
> > has been terminated?
> >
> > Example: web server listening in port 443 for SSL connections acts as a
> > reverse proxy to other port in the same server. I want Suricata in the
> > middle to intercept that traffic (IPS mode).
>
> You have a connection coming from the HTTPS server and going to the HTTP
> server. So the HTTP server will receive in input chain packet and send
> packet via output chain.
>
> So you can use two rules:
> input -> iif lo tcp dport 80 nfqueue
> output -> oif lo tcp sport 80 nfqueue
>
> BR,
thanks Eric. I was suffering from a brain freeze that day :D I eventually
figured it out eheheh By the way, have you seen this one [1]? It only happens
on the output chain both in nftables and iptables.
Cheers,
Duarte
[1] http://comments.gmane.org/gmane.comp.security.ids.oisf.devel/3201
>
> > Thanks for any help,
> > Duarte
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > Training now available: http://suricata-ids.org/training/
More information about the Oisf-users
mailing list