[Oisf-users] Suricata-3.0.1: pf_ring IPS mode doesn't work.
Victor Julien
lists at inliniac.net
Tue May 31 16:26:33 UTC 2016
On 31-05-16 17:51, oleg gv wrote:
> I'm using latest ntop pfring lib and kernel module and suricata works
> fine in --pfring mode.
>
> I create my own rule: "drop tcp any..." - and I only can see alerts with
> [wDrop] type - packets only alerted and not dropped.
>
> I looked in the code and didn't see that it turns the engine to IPS mode when
> using pfring.
>
> Is it possible to run suricata in IPS mode in --pfring capture mode?
No, it's not supported.
https://redmine.openinfosecfoundation.org/issues/1726
AF_PACKET and NETMAP IPS modes are supported.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------