[Oisf-users] Suricata as IPS under OpenBSD

C.L. Martinez carlopmart at gmail.com
Thu Dec 10 16:34:18 UTC 2015


On 12/10/2015 04:27 PM, Oliver Humpage wrote:
>
>> On 10 Dec 2015, at 16:21, C.L. Martinez <carlopmart at gmail.com> wrote:
>>
>> I will try to explain. I've got a pair of OpenBSD CARP'ed firewalls redirecting some type of traffic to a host running Suricata. This scenario works without problems, but only as an IDS.
>>
>> We have some signatures that we need to deploy inside these firewalls to block certain types of traffic.
>
> In theory you should be able to compile suricata under OpenBSD: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/openbsd_installation_from_git
>
> Then just use divert sockets in either pf or ipfw to send traffic to suricata. Be sure to specify ipfw mode in your suricata.yaml.
>

Thanks Oliver. Suricata can be installed under OpenBSD without major
issues. But it is not possible to use ipfw (it is only supported under
FreeBSD), and the divert option works differently in OpenBSD than it does in
FreeBSD, as you can see here:
http://lteo.net/blog/2015/01/06/dissecting-openbsds-divert-4-part-1-introduction/
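To make the difference the reply points at concrete, here is an added pf.conf fragment (not from this thread, and not Suricata's own documentation) showing how packet diversion is expressed on the OpenBSD side. Suricata's inline ipfw mode (`suricata -d <port>`, with the `ipfw:` section of suricata.yaml) is built around a FreeBSD rule of the form `ipfw add divert 8000 ip from any to any`; on OpenBSD there is no ipfw, and pf instead attaches a `divert-packet` option to an ordinary filter rule, which hands matching packets to a divert(4) socket bound to that port. The interface name, divert port and matched ports below are assumptions chosen for the example.

```pf
# Added example, not from the mailing-list thread.
# em0 (external interface), divert port 700 and the matched service ports are assumed values.

ext_if = "em0"

# Packets that match are diverted to whatever process has bound a
# divert(4) socket on port 700; the filter decision (pass) still applies.
pass in  on $ext_if inet proto tcp to port { 80, 443 } divert-packet port 700
pass out on $ext_if inet proto tcp from port { 80, 443 } divert-packet port 700
```

The rule syntax is only half of the difference: as the linked divert(4) article discusses, the socket semantics on OpenBSD (how a packet is received and reinjected) are not the same as FreeBSD's divert socket that Suricata's ipfw mode expects, so a pf rule like the one above does not by itself make the ipfw mode usable on OpenBSD. The fragment is meant to show why "just use divert in pf or ipfw" is not interchangeable across the two systems, not to claim that Suricata consumes this socket.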