[Oisf-users] Some problems with Suricata 3.1 using divert sockets
Victor Julien
lists at inliniac.net
Thu Jul 7 14:46:28 UTC 2016
On 07-07-16 16:41, C. L. Martinez wrote:
> On Thu 7.Jul'16 at 15:21:49 +0100, Oliver Humpage wrote:
>>
>>> oops .. Really? Then, it is a problem for me. One question: will divert socket work under FreeBSD 10.x/11-CURRENT with pf or only with ipfw??
>>
>> I don’t think FreeBSD’s pf supports divert-to, so definitely ipfw only.
>>
>> However, if you’re using FreeBSD, I’d definitely suggest using netmap rather than divert unless you’re trying to send very specific traffic to suricata.
>>
>> BTW I did need the much better rule syntax/queueing of OpenBSD’s pf, so I ended up using two boxes: one essentially invisible box that runs netmap, and a separate OpenBSD one for the fancy stuff.
>>
>> Oliver.
>>
>
> Yes, it is a solution. But, Victor, is on roadmap to support divert sockets for pf in both platforms: OpenBSD and FreeBSD?
No, it's not planned. If anyone is interested in looking into it, go for
it :)
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list