[Oisf-users] Suricata as IPS under OpenBSD

C. L. Martinez carlopmart at gmail.com
Tue Dec 15 09:46:09 UTC 2015


On Mon, Dec 14, 2015 at 4:08 PM, Oliver Humpage <oliver at watershed.co.uk> wrote:
>
>> On 14 Dec 2015, at 16:08, Oliver Humpage <oliver at watershed.co.uk> wrote:
>>
>>
>>> On 14 Dec 2015, at 14:55, C.L. Martinez <carlopmart at gmail.com> wrote:
>>>
>>> And result is: nothing ... Connections established to Google are not blocked ...
>>>
>>> Am I doing something wrong or maybe IPS feature is not supported under OpenBSD??
>>
>> I understand what Julien
>
> Victor, sorry. Been a long day...
>
> Oliver.


Yep, more news about this. Maybe Oliver is right at least.

I have managed to configure Suricata as an IPS for UDP and ICMP
packets, but not for TCP. The problem seems to come from the flag
state of the TCP packets activated by default by pf. I think if I can
change "flags S/SA keep state" for "keep state" only, it could work
....


