[Oisf-users] Suricata IPS AF_packet mode

Albert E. Whale, CEH CHS CISA CISSP Albert.Whale at IT-Security-inc.com
Sat Mar 9 16:30:27 UTC 2019

Just trying to get Clarity on this issue.


This is in the read use case document:

*To enable IPS mode using the ``AF_PACKET`` Linux bridge:*

Does this mean that I can use the br0 interface?

Or do I need to specify an instance for each of the interfaces in the 
bridge as Interface: and copy-iface: configuration items?

brctl show
bridge name    bridge id                    STP enabled interfaces
br0                8000.6805ca842147    no enp1s0

I'm not sure if I can use the bridge to intercept bidirectional traffic, 
or if I need a single listener for each inbound and outbound traffic.

Thank you.

Albert E. Whale Email: Albert.Whale at IT-Security-inc.com
Cell: 412-889-6870

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190309/88a2fa34/attachment.html>

More information about the Oisf-users mailing list