[Oisf-users] Reg: [oisf-users] Can i use a bridge and ethernet interface as two different interfaces in af-packet IPS?
Victor Julien
lists at inliniac.net
Thu Nov 8 11:07:31 UTC 2018
On 08-11-18 10:35, kavi perumal wrote:
> A very basic clarification w.r.t. Suricata IDS/IPS af-packet mode.
> I want to run Suricata in IPS --af-packet mode, but would like to use a
> physical interface (eth0) and a bridge (br0) as a pair, whereas eth0 is
> not part of the bridge (br0).
>
> suricata.yaml:
>   - interface: eth0
>     threads: 1
>     defrag: yes
>     cluster-id: 98
>     copy-mode: ips
>     copy-iface: br0
>     use-mmap: yes
>
I wonder if the problem is that you're creating a Suricata bridge that
includes a kernel level bridge. Are you able to get it working w/o using
a br0 but instead a real interface?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------