[Oisf-users] suricata update modify
Slava Bendersky
volga629 at networklab.ca
Thu Oct 18 11:58:24 UTC 2018
Hello Everyone,
Can't figure out how to insert nfq connection mark in drop rules in /etc/suricata/modify.conf.
First one works, second incorrect.
Any help thank you.
re:. ^alert drop
re:. ";)$" "; nfq_set_mark:0x2\/0xffffffff;)"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181018/7831a44f/attachment.html>
More information about the Oisf-users
mailing list