[Oisf-users] Help with setup Nftables and Suricata

Duarte Silva duarte.silva at serializing.me
Thu Apr 16 15:58:15 UTC 2015


On Thursday 16 April 2015 17:49:53 Eric Leblond wrote:
> Hi,
> 
> Sorry, I'm a bit late.
> 
> On Sun, 2015-03-29 at 21:41 +0100, Duarte Silva wrote:
> > Hi guys,
> > 
> > Is there a way to filter traffic on the same machine where the SSL traffic
> > has been terminated?
> > 
> > Example: a web server listening on port 443 for SSL connections acts as a
> > reverse proxy to another port on the same server. I want Suricata in the
> > middle to intercept that traffic (IPS mode).
> 
> You have a connection coming from the HTTPS server and going to the HTTP
> server. So the HTTP server will receive packets in the input chain and send
> packets via the output chain.
> 
> So you can use two rules:
>  input -> iif lo tcp dport 80 nfqueue
>  output -> oif lo tcp sport 80 nfqueue
> 
> BR,

Thanks, Eric. I was suffering from a brain freeze that day :D I eventually
figured it out eheheh. By the way, have you seen this one [1]? It only happens
on the output chain, both in nftables and iptables.

Cheers,
Duarte

[1] http://comments.gmane.org/gmane.comp.security.ids.oisf.devel/3201

> 
> > Thanks for any help,
> > Duarte
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > Training now available: http://suricata-ids.org/training/
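The two-rule setup Eric describes, written out as a loadable nftables script. This is an added example, not code from the thread or from the Suricata project; the table name suricata_lo, queue number 0 and the output file path are my own choices, and the point of the setup is that the traffic on lo:80 is already decrypted HTTP, so Suricata sees it in clear.

```shell
#!/bin/sh
# Added example (not from the thread): nftables ruleset for the case above,
# an HTTPS terminator on :443 proxying to a plain-HTTP server on lo:80, so
# Suricata inspects the decrypted HTTP via NFQUEUE. Assumptions: the table
# name suricata_lo, queue number 0 and the output file path are my choices.

# Emit the ruleset as an nft script. The first two lines make the load
# idempotent (create the table if missing, then empty it). Each packet of the
# proxied connection is queued exactly once: client->server packets (dport 80)
# at the input hook, server->client packets (sport 80) at the output hook.
suricata_lo_ruleset() {
    cat <<'EOF'
table inet suricata_lo
flush table inet suricata_lo
table inet suricata_lo {
    chain input {
        type filter hook input priority 0; policy accept;
        iif "lo" tcp dport 80 counter queue num 0
    }
    chain output {
        type filter hook output priority 0; policy accept;
        oif "lo" tcp sport 80 counter queue num 0
    }
}
EOF
}

# Without the "bypass" flag the queue is fail-closed: if Suricata is not
# attached to queue 0 the kernel drops these packets instead of passing them.
# Append "bypass" to both queue statements for a fail-open, IDS-style setup.

# Write the ruleset to a file, dry-run it with nft -c, then load it
# atomically with nft -f. Must run as root (CAP_NET_ADMIN).
load_ruleset() {
    out="${1:-./suricata_lo.nft}"
    suricata_lo_ruleset > "$out" || return 1
    nft -c -f "$out" || return 1
    nft -f "$out" || return 1
    # Verify the rules are in place; their counters move once traffic flows.
    nft list table inet suricata_lo
}

# Then start Suricata on the same queue, e.g.:
#   suricata -c /etc/suricata/suricata.yaml -q 0
# Usage (as root): sh this_script.sh load
case "${1:-}" in load) load_ruleset ;; esac
```

With only one queue, Suricata becomes a single point of failure for the proxied connection, so decide deliberately between fail-closed (as written) and fail-open (with bypass).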