[Oisf-users] Suricata as IPS under OpenBSD

Oliver Humpage oliver at watershed.co.uk
Thu Dec 10 16:53:31 UTC 2015

> On 10 Dec 2015, at 16:34, C.L. Martinez <carlopmart at gmail.com> wrote:
> Thanks Oliver. Suricata can be installed under OpenBSD without major issues. But it is not possible to use ipfw (it is only supported under FreeBSD), and the divert option works differently in OpenBSD than it does in FreeBSD, as you can see here: http://lteo.net/blog/2015/01/06/dissecting-openbsds-divert-4-part-1-introduction/

"OpenBSD divert(4) is meant to be compatible with software running on
top of FreeBSD's divert sockets"

I really thought I’d had Suricata running on OpenBSD + pf + divert-packet at some point during my testing. Maybe I’m misremembering.

However, all the userspace switching of divert meant I’ve now moved to netmap on FreeBSD (and although FreeBSD does support CARP, I dread to think what would happen to CARP on netmap-enabled interfaces - plus, in my time, I’ve seen far more crashes *caused* by CARP than all other failures put together!).


