[Oisf-users] How to prevent Suricata from inspecting traffic already locally blocked by iptables
Kevin Branch
kevin at branchnetconsulting.com
Fri Apr 27 13:49:12 UTC 2018
Hi Amar,
My original requirement was to only inspect, and early in the discussion I
started looking at how to get NFQ mode to catch the traffic I need for
inspection while not blocking anything at all. When NFLOG was brought up
it became clear that was a closer fit to my actual use case.
Kevin
On Fri, Apr 27, 2018 at 3:51 AM, Amar Rathore - CounterSnipe Systems <
amar at countersnipe.com> wrote:
> Hi Kevin
>
> I see the thread has moved on since our last communication.
>
> Going by the recent email exchanges I am assuming your requirement changed
> from wanting to inspect and block with Suri to just inspect?
>
>
> Amar Rathore
>
> CounterSnipe Systems LLC
> Tel: +1 617 701 7213
> Skype ID: amarrathore
> Web: www.countersnipe.com for Suricata Powered IDS/IPS Software.
>
> On April 27, 2018 at 2:53 AM Giuseppe Longo wrote:
>
> On 27/04/2018 00:59, Kevin Branch wrote:
>
> Giuseppe,
>
> That made all the difference! I thought this feature was available in
> the latest stable Suricata, not only in the dev version. Your syntax
> works now:
>
>
> The NFLOG feature is also available in the stable version, but it looks
> like there is a bug or something like that.
> I will try 4.0.4 with NFLOG to see if I can reproduce your issue.
>
> --
> Giuseppe
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
>
>