[Oisf-users] having NFQUEUE without a suricata instance running blocks all connections

Jeff Dyke jeff.dyke at gmail.com
Wed Aug 30 21:01:13 UTC 2017


I'm not positive, but the man page on ubuntu 16.04 4.4.0-93-generic -
(iptables v1.6.0) also does not show it.

You can also do: -A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT

As an early iptables rule, but that does not solve the problem as much as
allow you to fix it.

I would just try to add the rule with the flag, and see if it complains.  I
use salt for configuration and was looking at their iptables code to see
how to add it to my suricata states, and noticed it has been in their
source for a while.

Jeff

On Wed, Aug 30, 2017 at 4:40 PM, James Moe <jimoe at sohnen-moe.com> wrote:

> On 08/29/2017 02:13 PM, Jeff Dyke wrote:
> > https://home.regit.org/netfilter-en/using-nfqueue-and-libnetfilter_queue/
> >
> > You can add --queue-bypass. I'll request that the documentation is
> > updated. I'm not out of the woods, but past this issue.
> >
>   In opensuse 42.2 (linux 4.4.79-18.26-default x86_64) the iptables
> manual does not show "--queue-bypass" as an option.
>   Is the option undocumented, hidden, or unsupported? Or does it require
> a custom build of iptables?
>
> --
> James Moe
> moe dot james at sohnen-moe dot com
> 520.743.3936
> Think.
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
>
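The two points raised in this thread, an early management-SSH ACCEPT rule and NFQUEUE with --queue-bypass, put together as an added example. This is not code from the list, from the Suricata project or from the regit.org article; it generates a ruleset in iptables-restore format and checks the local iptables build's NFQUEUE help text for --queue-bypass before using it. Queue number 0, the management network 192.0.2.0/24 and the script name nfqueue-rules.sh are assumptions, not from the thread.

```shell
#!/bin/sh
# Added example, not from the thread or the Suricata project.
# Emits an iptables ruleset that hands INPUT and FORWARD traffic to the NFQUEUE
# that Suricata reads (suricata -q <num>), with a management-SSH ACCEPT rule
# placed before the queue rule so a stopped Suricata, or a mistake in the
# ruleset, cannot lock you out of the box.
# Assumed values: queue 0 and management network 192.0.2.0/24.

MGMT_NET="${MGMT_NET:-192.0.2.0/24}"
QUEUE_NUM="${QUEUE_NUM:-0}"

# Does this iptables build's NFQUEUE target know --queue-bypass?
# Reads the output of `iptables -j NFQUEUE --help` from stdin so it can be
# exercised without root and without nfnetlink_queue loaded.
nfqueue_help_has_bypass() {
    grep -q -- '--queue-bypass'
}

# Print the ruleset. $1 is "yes" to append --queue-bypass, "no" to omit it.
# Without --queue-bypass the kernel drops every queued packet while no process
# is bound to the queue; with it the packets are accepted instead, so a
# missing Suricata degrades to "no inspection" rather than "no connectivity".
emit_rules() {
    if [ "$1" = "yes" ]; then
        bypass=' --queue-bypass'
    else
        bypass=''
    fi
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Management SSH first: it must never depend on the queue being serviced
-A INPUT -s ${MGMT_NET} -p tcp --dport 22 -j ACCEPT
-A INPUT -j NFQUEUE --queue-num ${QUEUE_NUM}${bypass}
-A FORWARD -j NFQUEUE --queue-num ${QUEUE_NUM}${bypass}
COMMIT
EOF
}

# Line number of the first rule matching $1 in the ruleset fed on stdin.
# Used to verify that the SSH rule really precedes the NFQUEUE rules.
rule_line() {
    grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Pick the variant the local iptables supports and print it. Feed the output
# to `iptables-restore -t` first (test mode), then to `iptables-restore`.
generate() {
    if command -v iptables >/dev/null 2>&1 &&
       iptables -j NFQUEUE --help 2>&1 | nfqueue_help_has_bypass; then
        emit_rules yes
    else
        echo "# iptables NFQUEUE help does not list --queue-bypass; omitting it" >&2
        emit_rules no
    fi
}

# Usage: sh nfqueue-rules.sh | iptables-restore -t && sh nfqueue-rules.sh | iptables-restore
generate
```

The bypass flag only covers the case where nothing is bound to the queue. While Suricata is running but its queue is full (the kernel's per-queue length, which Suricata can raise with the NFQ max-queue setting), packets are still dropped, which is why the SSH rule sits above the queue rule rather than relying on bypass alone.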

