[Oisf-users] Suricata inspects all packets?

Vishal Kotalwar V vishalkv at altencalsoftlabs.com
Tue May 10 11:27:00 UTC 2016


Hi,
I am new to IPS/IDS and the netfilter framework. I have a query on packet handling by Suricata & netfilter.

In IPS mode, we add an iptables rule to pass packets to the NFQ on which Suricata is listening. Suricata processes those packets and issues a verdict for that flow.
Does netfilter send packets from the same flow to Suricata even after the verdict is given? I would assume that conntrack would kick in here to bypass the queuing for optimization ...
is that right? But conntrack is not mandatory for Suricata/netfilter functioning.

Please help me understand ...

Thanks & regards,
Vishal V. Kotalwar