[Oisf-users] How to prevent Suricata from inspecting traffic already locally blocked by iptables

Kevin Branch kevin at branchnetconsulting.com
Fri Apr 27 14:57:56 UTC 2018


Thanks, at this point all that is outstanding for me is determining if
there is a proper syntax that can be used with 4.0.4 to harness NFLOG or if
this really isn't possible except with 4.1.0-dev.

Kevin

On Fri, Apr 27, 2018 at 10:21 AM, Amar Rathore - CounterSnipe Systems <
amar at countersnipe.com> wrote:

> Cool...just wanted to check if I needed to do anything further with your
> previous msg.
>
>
> On April 27, 2018 at 9:49 AM Kevin Branch <kevin at branchnetconsulting.com>
> wrote:
>
> Hi Amar,
>
> My original requirement was to only inspect, and early in the discussion I
> started looking at how to get NFQ mode to catch the traffic I need for
> inspection while not blocking anything at all.  When NFLOG was brought up
> it became clear that was a closer fit to my actual use case.
>
> Kevin
>
> On Fri, Apr 27, 2018 at 3:51 AM, Amar Rathore - CounterSnipe Systems <
> amar at countersnipe.com> wrote:
>
> Hi Kevin
>
> I see the thread has moved on since our last communication.
>
> Going by the recent email exchanges I am assuming your requirement changed
> from wanting to inspect and block with Suri to just inspect?
>
>
> Amar Rathore
>
> CounterSnipe Systems LLC
> Tel: +1 617 701 7213
> Skype ID: amarrathore
> Web: www.countersnipe.com for Suricata Powered IDS/IPS Software.
>
>
>
>
> On April 27, 2018 at 2:53 AM Giuseppe Longo wrote:
>
>
>
>
> On 27/04/2018 00:59, Kevin Branch wrote:
>
> Giuseppe,
>
> That made all the difference! I thought this feature was available in
> the latest stable Suricata, not only in the dev version. Your syntax
> works now:
>
>
> The NFLOG feature is also available in the stable version, but it looks like
> there is a bug or something like that.
> I will try 4.0.4 with NFLOG to see if I can reproduce your issue.
>
> --
> Giuseppe
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
>
>
>