[Oisf-users] Running Suricata in Inline mode with Netfilter
Manoj Kumar
manojrk at setsindia.net
Wed Dec 11 11:57:23 UTC 2019
Hello,
I've been trying to run Suricata in Inline mode using this rule:
iptables -I forward -j NFQUEUE
While I've found no problems in getting Suricata to work, I simply
couldn't add any further rules in forward chain. As soon as the packets
hit nfqueue, it doesn't hit the rules that are added after it.
For Ex: If I add an icmp drop rule after nfqueue, ping packets are not
being blocked.
Am I doing this right? Any help is appreciated.
Thanks,
Manoj
More information about the Oisf-users
mailing list