[Oisf-users] Can I run Suricata with AF_Packet inside container

Leonard Jacobs ljacobs at netsecuris.com
Fri Jun 19 17:50:36 UTC 2015


Did you set up the interfaces within suricata.yaml in the af-packet section?  Set ips mode in that section?
 
See https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/.  It works.  We use it and it works great as long as your rules are set to drop as the action.
 
From: oisf-users-bounces at lists.openinfosecfoundation.org [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Saxena, Samiksha
Sent: Friday, June 19, 2015 12:48 PM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] Can I run Suricata with AF_Packet inside container
 
Hi,
 
I want to run Suricata with AF_packet mode inside a docker container. I am having trouble with configuring the interfaces. Also, I ran a simple rule of dropping every TCP request, but it seems like nothing is dropped.
 
Thanks
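
An af-packet section of the kind the reply refers to, as an added example that is not part of either message. The interface names eth0 and eth1, the cluster ids, the thread count and the rule sid are assumptions to adapt to the actual setup.

```yaml
# suricata.yaml fragment: AF_PACKET IPS mode bridging two interfaces.
# Assumption: eth0 and eth1 are the two interfaces visible to the Suricata
# process (inside a container, that means present in its network namespace).
af-packet:
  - interface: eth0
    threads: 1                 # must match the peer interface's thread count
    cluster-id: 98             # unique per interface
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    copy-mode: ips             # forward accepted packets, discard dropped ones
    copy-iface: eth1           # peer interface that receives the copies
  - interface: eth1
    threads: 1
    cluster-id: 97
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    copy-mode: ips
    copy-iface: eth0           # reverse direction of the bridge

# Start Suricata with the af-packet runmode so this section is used:
#   suricata -c suricata.yaml --af-packet
#
# The rule action must be "drop" for a packet to be discarded; an "alert"
# rule only logs. Constructed sample rule for the test in the question:
#   drop tcp any any -> any any (msg:"test drop all TCP"; sid:1000001; rev:1;)
```

With `copy-mode: ips`, Suricata itself is the bridge: only traffic that enters on one listed interface and would leave on its `copy-iface` peer can be dropped, so traffic that reaches its destination by another path is unaffected.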