[Oisf-users] Suricata as IPS under OpenBSD
oliver at watershed.co.uk
Thu Dec 10 16:27:48 UTC 2015
> On 10 Dec 2015, at 16:21, C.L. Martinez <carlopmart at gmail.com> wrote:
> I will try to explain. I've got a pair of OpenBSD CARP'ed firewalls redirecting some types of traffic to a host running Suricata. This scenario works without problems, but only as an IDS.
> We have some signatures that we need to deploy inside these firewalls to block certain types of traffic.
In theory you should be able to compile suricata under OpenBSD: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/openbsd_installation_from_git
Then just use divert sockets in either pf or ipfw to send traffic to suricata. Be sure to specify ipfw mode in your suricata.yaml.