[Oisf-users] How do I get IPF mode to, well, P?

[Andreas Herz]

Hi,

On 04/03/16 at 17:02, James Moe wrote:
>   suricata is built in IPF mode using NFQUEUE.
>   I see this in <fast.log>, thinking the packet should be dropped:
> 03/04/2016-13:34:38.972801  [**] [1:2402000:3998] ET DROP Dshield Block
> Listed Source group 1 [**] [Classification: Misc Attack] [Priority: 2]
> {TCP} 185.130.5.98:43578 -> 192.168.69.246:587

Did you convert the alert rule to a drop rule?

I guess not as the DROP in front of the [**] is missing.

-- 
Andreas Herz