[Oisf-users] Some problems with Suricata 3.1 using divert sockets

[Oliver Humpage]

> oops .. Really? Then, it is a problem for me. One question: will divert socket work under FreeBSD 10.x/11-CURRENT with pf or only with ipfw??

I don’t think FreeBSD’s pf supports divert-to, so definitely ipfw only.

However, if you’re using FreeBSD, I’d definitely suggest using netmap rather than divert unless you’re trying to send very specific traffic to suricata.

BTW I did need the much better rule syntax/queueing of OpenBSD’s pf, so I ended up using two boxes: one essentially invisible box that runs netmap, and a separate OpenBSD one for the fancy stuff.

Oliver.