[Oisf-users] Suricata IPS AF_packet mode
Albert E. Whale, CEH CHS CISA CISSP
Albert.Whale at IT-Security-inc.com
Sat Mar 9 16:30:27 UTC 2019
Just trying to get clarity on this issue.
https://docs.mirantis.com/mcp/q4-18/mcp-security-best-practices/use-cases/idps-vnf/ips-mode/afpacket.html
This is in the read use case document:
*To enable IPS mode using the ``AF_PACKET`` Linux bridge:*
Does this mean that I can use the br0 interface?
Or do I need to specify an instance for each of the interfaces in the
bridge as Interface: and copy-iface: configuration items?
brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.6805ca842147       no              enp1s0
                                                        enp4s0
I'm not sure if I can use the bridge to intercept bidirectional traffic,
or if I need a single listener for each inbound and outbound traffic.
Thank you.
--
Albert E. Whale Email: Albert.Whale at IT-Security-inc.com
Cell: 412-889-6870