[Oisf-users] Suricata as IPS under OpenBSD

Oliver Humpage oliver at watershed.co.uk
Thu Dec 10 16:27:48 UTC 2015


> On 10 Dec 2015, at 16:21, C.L. Martinez <carlopmart at gmail.com> wrote:
> 
> I will try to explain. I've got a pair of OpenBSD CARP'ed firewalls redirecting some types of traffic to a host running Suricata. This scenario works without problems, but only as an IDS.
> 
> We have some signatures that we need to deploy inside these firewalls to block certain types of traffic.

In theory you should be able to compile suricata under OpenBSD: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/openbsd_installation_from_git

Then just use divert sockets in either pf or ipfw to send traffic to suricata. Be sure to specify ipfw mode in your suricata.yaml.

Oliver.
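As an added example, not part of the post above or of Suricata's own documentation: a small OpenBSD shell script that renders the pf divert-packet rules handing selected traffic to a Suricata divert socket, checks them with pfctl, and shows the matching inline Suricata command line. The interface name em1, divert port 8000, the HTTP/DNS selector and the config path are assumptions; adjust them for your firewall.

```shell
#!/bin/sh
# Added example (not from the list post): OpenBSD pf divert-packet rules for
# Suricata running inline in "ipfw" (divert socket) mode. Interface, port,
# traffic selector and file paths below are assumptions.
set -eu

IFACE="${IFACE:-em1}"               # assumed inside-facing interface
DIVERT_PORT="${DIVERT_PORT:-8000}"  # divert(4) port Suricata will bind
RULES_FILE="${RULES_FILE:-/etc/pf.conf.suricata}"

# A divert port must be a plain number in 1..65535.
check_divert_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Render the pf rules. Only traffic matched here reaches Suricata; everything
# else keeps flowing, so a stopped Suricata does not take the firewall down,
# but traffic outside the selector is never inspected or blocked.
pf_divert_rules() {
    iface="$1"; port="$2"
    check_divert_port "$port" || { echo "bad divert port: $port" >&2; return 1; }
    cat <<EOF
# Hand HTTP and DNS to the divert socket Suricata listens on.
pass in quick on $iface inet proto tcp to port { 80 443 } divert-packet port $port
pass in quick on $iface inet proto udp to port 53 divert-packet port $port
EOF
}

# -d <port> runs Suricata inline on a divert socket; the build must have been
# configured with --enable-ipfw for that option to be available.
suricata_cmd() {
    echo "suricata -c /etc/suricata/suricata.yaml -d $1"
}

# Dry run by default; "apply" writes the rules, syntax-checks them and starts
# Suricata. Merge the rendered rules into /etc/pf.conf for a persistent setup.
if [ "${1:-}" = apply ]; then
    pf_divert_rules "$IFACE" "$DIVERT_PORT" > "$RULES_FILE"
    pfctl -nf "$RULES_FILE"           # parse only; fails before touching pf
    $(suricata_cmd "$DIVERT_PORT")
else
    pf_divert_rules "$IFACE" "$DIVERT_PORT"
    suricata_cmd "$DIVERT_PORT"
fi
```

Run it without arguments first to see the rules it would load; signatures meant to block traffic need `drop` actions, since an `alert` rule still lets the packet be reinjected.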
