[Oisf-users] Strange behaviour of Suricata
Todor Petkov
petkovptodor at gmail.com
Thu Oct 20 08:40:42 UTC 2016
On Wed, Oct 19, 2016 at 11:50 PM, Andreas Herz <andi at geekosphere.org> wrote:
> I see them there :)
>
> -A INPUT_direct -j NFQUEUE --queue-num 0 --queue-bypass
>
> Could you try 3.2beta or just for testing purposes an older version?
>
> I have a similiar setup working with IPS NFQUEUE with 3.1.x and can't
> reproduce that.
>
> AFAIR we already talked about that at the IRC, so I think we already saw
> that it's working when you add -j ACCEPT instead of the -j NFQUEUE
> right?
After I did "iptables -F INPUT/OUTPUT", it's OK. Currenly the
INPUT/OUTPUT rules are "-j NFQUEUE --queue-num 0 --queue-bypass" and
nothing else (no jump to other chains)
I will draw a diagram of the "normal" flow of packets, since these
INPUT_ZONES/INPUT_direct etc confuse me.
Regards,
More information about the Oisf-users
mailing list