[Oisf-users] Reg: [oisf-users] Can i use a bridge and ethernet interface as two different interfaces in af-packet IPS?
kavi perumal
kaviperumal22 at gmail.com
Thu Nov 8 11:11:56 UTC 2018
Hi Victor Julien,
I am able to run Suricata in af-packet tap mode between two physical
interfaces, say eth0 and eth1, where there is no Linux bridge involved (basic
inline mode).
suricata.yaml:
  - interface: eth0
    threads: 1
    defrag: yes
    cluster-id: 98
    copy-mode: ips
    copy-iface: eth1
    use-mmap: yes
Regards
-Kavi Perumal G.
On Thu, Nov 8, 2018 at 4:37 PM Victor Julien <lists at inliniac.net> wrote:
> On 08-11-18 10:35, kavi perumal wrote:
> > A very basic clarification w.r.t. Suricata IDS/IPS af-packet mode.
> > I want to run Suricata in IPS --af-packet mode, but would like to use a
> > physical interface (eth0) and a bridge (br0) as a pair, whereas eth0 is
> > not part of the bridge (br0).
> >
> > suricata.yaml:
> >   - interface: eth0
> >     threads: 1
> >     defrag: yes
> >     cluster-id: 98
> >     copy-mode: ips
> >     copy-iface: br0
> >     use-mmap: yes
> >
>
> I wonder if the problem is that you're creating a Suricata bridge that
> includes a kernel level bridge. Are you able to get it working w/o using
> a br0 but instead a real interface?
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
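The question raised in the quoted reply is whether one end of the af-packet pair is a kernel-level bridge. The following is an added example, not code from this thread or from the Suricata project: it reads sysfs to report whether each interface of a pair is a kernel bridge, a port of one, or a plain interface. The function names and the SYSFS_NET override are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify both ends of an af-packet copy-mode pair
# (the "interface" and "copy-iface" values from suricata.yaml).
# SYSFS_NET is a hypothetical override so the check can be pointed
# at a constructed directory tree instead of the live system.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Prints one of: missing | bridge | bridge-port | plain
iface_kind() {
    dev="$SYSFS_NET/$1"
    if [ ! -e "$dev" ]; then
        echo missing
    elif [ -d "$dev/bridge" ]; then
        # Linux exposes a bridge/ directory for bridge devices such as br0.
        echo bridge
    elif [ -e "$dev/brport" ]; then
        # brport exists when the interface is enslaved to a kernel bridge.
        echo bridge-port
    else
        echo plain
    fi
}

# Prints the kind of each interface. Returns 0 only when both ends are
# plain interfaces, as in the eth0/eth1 setup reported working above.
check_pair() {
    rc=0
    for ifc in "$1" "$2"; do
        kind=$(iface_kind "$ifc")
        echo "$ifc: $kind"
        [ "$kind" = plain ] || rc=1
    done
    return $rc
}

# Stand-alone use: sh check_pair.sh eth0 br0
if [ $# -eq 2 ]; then
    check_pair "$1" "$2"
fi
```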