[Oisf-users] suricata defending itself

Victor Julien lists at inliniac.net
Tue Aug 18 07:36:34 UTC 2015

On 08/17/2015 03:00 PM, BARÓCSI Gábor wrote:
> Please help me with an issue. I’ve configured a Suricata on a test
> firewall using NFQ and repeat mode with iptables.
> When Suricata runs, it detects all penetration tests if these tests are
> regarded to a subsystem like a webserver behind the firewall. No problem
> with that.
> But when I run a test-attack directly to Suricata, then it does not log
> anything and does not detect anything.
> Am I missing some rules or something? I’m using all the basic rules for
> snort with oinkmaster.

For this to work you need iptables NFQUEUE rules in the INPUT and OUTPUT
chains as well as your existing FORWARD chain rules.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
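
A check for the setup described in the reply above, added here as an example and not part of the original message: it reads `iptables -S` output and lists which of the INPUT, OUTPUT and FORWARD chains have no rule jumping to NFQUEUE. The function name, the sample rulesets, the mark value 0x1/0x1 and queue number 0 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Traffic addressed to the firewall itself traverses INPUT/OUTPUT, not
# FORWARD, so an inline Suricata only sees it if those chains also queue.

# Read `iptables -S` text on stdin; print the built-in filter chains
# (space separated) that contain no "-j NFQUEUE" rule.
chains_missing_nfqueue() {
    awk '
        # Rule lines look like: -A CHAIN <matches> -j NFQUEUE [options]
        $1 == "-A" {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "NFQUEUE")
                    seen[$2] = 1
        }
        END {
            out = ""
            n = split("INPUT OUTPUT FORWARD", want, " ")
            for (k = 1; k <= n; k++)
                if (!(want[k] in seen))
                    out = out (out == "" ? "" : " ") want[k]
            print out
        }
    '
}

# Constructed sample: only forwarded traffic is queued (the situation in the question).
SAMPLE_FORWARD_ONLY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-num 0'

# Constructed sample: all three chains queue unmarked packets.
SAMPLE_ALL_CHAINS='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-num 0
-A FORWARD -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-num 0
-A OUTPUT -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-num 0'

# On a live firewall (as root): iptables -S | chains_missing_nfqueue
missing=$(printf '%s\n' "$SAMPLE_FORWARD_ONLY" | chains_missing_nfqueue)
echo "chains without NFQUEUE: ${missing:-none}"
```

The check looks only at rules placed directly in the three built-in chains; an NFQUEUE rule reached through a user-defined chain is not followed.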
