[Oisf-users] Encrypted Traffic

Victor Julien lists at inliniac.net
Wed Jan 28 11:03:30 UTC 2015


On 01/28/2015 11:48 AM, Phil Daws wrote:
> within my lab I have two VMs that are acting as firewalls and connected via an IPSEC tunnel with GRE.  A VM on one end sends traffic over this tunnel to another on the other side.  This traffic should not be subjected to Suricata inspection, as I am using inline, so what would be the best way to suppress that?

In general, check
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ignoring_Traffic
Note that BPF won't work in inline mode.

I'd imagine a rule like "pass ip any any -> any any (ip_proto:47; ...)"

If you run the iptables/nfq based inline method you can also use
iptables to control which part of the traffic is inspected by Suri.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
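As an added illustration of the two options Victor names above (this is not code from his reply or from the Suricata project): a small POSIX shell script that writes a Suricata pass rule file exempting the tunnel, and prints the iptables layout for the nfq inline method so that the tunnel protocols never reach the NFQUEUE at all. The queue number, sid range, rule file path and the choice of protocols are assumptions; which protocol Suricata actually sees depends on where it sits, GRE (47) inside the IPsec endpoints, ESP (50) or AH (51) plus IKE on UDP 500/4500 outside them, so the rule set covers both.

```shell
#!/bin/sh
# Added example, not part of the list post or the Suricata project.
# Assumptions: Suricata runs inline (AF_PACKET or nfq), loads the rule
# file written here, and the iptables chain used is FORWARD with queue 0.

# Write Suricata pass rules that exempt tunnel traffic from inspection.
# A packet matching a pass rule is accepted without further inspection,
# which is the inline-safe substitute for a BPF filter.
write_pass_rules() {
    cat > "$1" <<'EOF'
# GRE (IP protocol 47), the encapsulation named in the question
pass ip any any -> any any (msg:"pass GRE tunnel"; ip_proto:47; sid:9000001; rev:1;)
# ESP (50) and AH (51): what an IPsec-protected tunnel looks like on the wire
pass ip any any -> any any (msg:"pass IPsec ESP"; ip_proto:50; sid:9000002; rev:1;)
pass ip any any -> any any (msg:"pass IPsec AH"; ip_proto:51; sid:9000003; rev:1;)
# IKE control traffic (UDP 500, NAT-T on UDP 4500), both directions
pass udp any any <> any [500,4500] (msg:"pass IKE"; sid:9000004; rev:1;)
EOF
}

# Print the iptables rules for the nfq inline method. Order matters: the
# ACCEPT rules for the tunnel protocols must come before the NFQUEUE rule,
# so those packets are forwarded by the kernel and Suricata never sees them.
# The chain is assumed to hold no earlier NFQUEUE rule.
nfq_rules() {
    queue="${1:-0}"
    cat <<EOF
iptables -A FORWARD -p 47 -j ACCEPT
iptables -A FORWARD -p 50 -j ACCEPT
iptables -A FORWARD -p 51 -j ACCEPT
iptables -A FORWARD -p udp -m multiport --ports 500,4500 -j ACCEPT
iptables -A FORWARD -j NFQUEUE --queue-num $queue
EOF
}

# Apply the iptables rules (needs root). Without APPLY=1 the rules are
# only printed, so the script can be reviewed before touching the firewall.
apply_nfq_rules() {
    if [ "${APPLY:-0}" = "1" ]; then
        nfq_rules "$1" | sh -e
    else
        nfq_rules "$1"
    fi
}

# Optional syntax check of the generated rule file; skipped when suricata
# is not installed. -T runs Suricata in test mode, -S loads only this file.
check_pass_rules() {
    if command -v suricata >/dev/null 2>&1; then
        suricata -T -S "$1"
    else
        echo "suricata not installed, skipping rule check for $1" >&2
    fi
}

# Usage: ./tunnel-exempt.sh rules [file]   writes the pass rules
#        ./tunnel-exempt.sh nfq [queue]    prints (APPLY=1: applies) iptables rules
case "${1:-}" in
    rules) write_pass_rules "${2:-tunnel-pass.rules}"; check_pass_rules "${2:-tunnel-pass.rules}" ;;
    nfq)   apply_nfq_rules "${2:-0}" ;;
esac
```

Pass rules still cost a trip through the engine for every tunnel packet; the iptables variant keeps the encrypted traffic out of the queue entirely and is the cheaper choice when the nfq method is in use, which is the point Victor makes.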
