[Oisf-users] Suricata Inline (NFQ) + bridge interface - any news ?
Eric Leblond
eric at regit.org
Wed Mar 27 22:34:22 UTC 2019
Hi,
On Wed, 2019-03-27 at 18:02 -0300, Breno Silva wrote:
> Hello all,
>
> I have an appliance where multiple interfaces are configured in
> bridge (ie. br0) mode. Trying to run suricata inline (nfq) on a
> bridged appliance sometimes doesn't work very well and looks
> like it is a known issue for years. I cannot use afpacket/netmap or
> other "true" bridge approaches. Must continue with nfqueue,
Do you still have the same behavior if you filter on one physical
interface?
> Do we have any update on this topic? some solution?
> I heard Victor saying it is a netfilter issue, do we have any
> feedback from netfilter core team ?
It has been discussed.
> Thinking about the possibility to use ebtables with some nfqueue
> support. Should be possible ?
No effort is being made anymore on ebtables development; you had better try with
nftables. Some work has been done to get a working nfqueue on bridge
with nft.
Best regards,
--
Eric
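To make the nftables suggestion concrete, here is an added example ruleset (not from this thread, and not an official Suricata or netfilter configuration) that uses the nftables bridge family to hand bridged IPv4/IPv6 traffic to NFQUEUE for an inline Suricata. It assumes the bridge is named br0, that the running kernel and nft build support the queue statement in the bridge family, and that Suricata is started with `-q 0`; the queue number and interface name are constructed for illustration.

```nft
#!/usr/sbin/nft -f
# Constructed example: bridge-family ruleset that queues bridged traffic to
# userspace for Suricata inline (NFQ). Assumptions: bridge is br0, queue 0,
# and the kernel/nft support "queue" in the bridge family.

table bridge suricata {
    chain forward {
        # Bridge-family forward hook: frames switched between br0 ports
        # pass here, which is where an inline inspector needs to sit.
        type filter hook forward priority 0; policy accept;

        # Only IP traffic is worth inspecting; ARP, STP and other
        # non-IP frames are left alone so the bridge keeps converging.
        # "counter" makes it easy to confirm the rule is actually
        # matching (nft list ruleset), which is the first thing to check
        # when inline on a bridge "sometimes doesn't work".
        # "bypass" accepts packets when no process is bound to the queue,
        # so a Suricata restart does not cut the link; drop it if you
        # prefer fail-closed behavior.
        meta ibrname "br0" ether type { ip, ip6 } counter queue num 0 bypass
    }
}
```

Load it with `nft -f <file>`, then start Suricata with `suricata -c /etc/suricata/suricata.yaml -q 0`. If the counter stays at zero while traffic crosses the bridge, the frames are not reaching the bridge forward hook on that kernel, which narrows the problem to the netfilter side rather than to Suricata.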