[Oisf-users] Question on IP Tables and Bridged interface with AF-Packet
Albert E. Whale, CEH CHS CISA CISSP
Albert.Whale at IT-Security-inc.com
Thu Feb 14 13:34:22 UTC 2019
I am attempting to use iptables with a bridged interface, and Suricata
with AF-Packet. Has anyone done this?
My work with iptables and the ipset group for matching groups of
networks works great with traditional interfaces.
Suricata is able to detect the traffic with the bridge interface. The
problem becomes apparent when Suricata matches an IP Address which is
part of one of the groups in the iptables ruleset. Suricata sees it,
but the iptables rules do not detect it.
Pinging the same IP Address from the command line is easily detected
with the iptables rules.
Has anyone else encountered this behavior before?
Thank you.
--
Albert E. Whale, CEH CHS CISA CISSP
Email: Albert.Whale at IT-Security-inc.com
Cell: 412-889-6870