[Oisf-users] Trouble with NFQUEUE IPS Mode
Eric Leblond
eric at regit.org
Wed Nov 18 07:02:40 UTC 2015
Hi,
On Tue, 2015-11-17 at 18:11 -0600, Leonard Jacobs wrote:
> I set up Suricata in NFQUEUE with the following IPTABLES
> configuration:
>
> Chain INPUT (policy ACCEPT 107K packets, 152M bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
> 0 0 NFQUEUE all -- p3p1 p2p1 0.0.0.0/0
> 0.0.0.0/0 NFQUEUE num 0
> 0 0 NFQUEUE all -- p2p1 p3p1 0.0.0.0/0
> 0.0.0.0/0 NFQUEUE num 0
> 0 0 NFQUEUE all -- p1p1 eth0 0.0.0.0/0
> 0.0.0.0/0 NFQUEUE num 0
> 0 0 NFQUEUE all -- eth0 p1p1 0.0.0.0/0
> 0.0.0.0/0 NFQUEUE num 0
All counters are 0. So no traffic has been handle by Suricata. Did you
activate ip_forward ?
++
--
Eric Leblond <eric at regit.org>
More information about the Oisf-users
mailing list