[Oisf-users] Question on IP Tables and Bridged interface with AF-Packet

[Edwin van Vliet]

Albert wrote:
> The problem becomes apparent when Suricata matches an IP Address which
> is part of one of the groups in the iptables ruleset.  Suricata sees it, but
> the IP Tables rules do not detect it.

Is the br_netfilter kernel module loaded? Bridges are kind of special.
You need to set the net.bridge.bridge-nf-call-iptables sysctl setting if you want to filter your bridges.

Edwin