[Oisf-users] suricata defending itself
Victor Julien
lists at inliniac.net
Tue Aug 18 07:36:34 UTC 2015
On 08/17/2015 03:00 PM, BARÓCSI Gábor wrote:
> Please help me with an issue. I’ve configured a Suricata on a test
> firewall using NFQ and repeat mode with iptables.
>
> When Suricata runs, it detects all penetration tests if these tests are
> regarded to a subsystem like a webserver behind the firewall. No problem
> with that.
>
> But when I run a test-attack directly to Suricata, then it does not log
> anything and does not detect anything.
>
> Am I missing some rules or something? I’m using all the basic rules for
> snort with oinkmaster.
>
For this to work you need iptables NFQUEUE rules in the INPUT and OUTPUT
chains as well as your existing FORWARD chain rules.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------