[Oisf-users] Suricata Inline (NFQ) + bridge interface - any news ?
Amar
amar at countersnipe.com
Thu Mar 28 02:26:14 UTC 2019
Hello Breno
Sorry if I have missed an earlier communication, but what does “sometimes it doesn’t work very well” mean? Could you be more specific please?
Thank you
Amar
Making sense of Technology
>
> On Mar 28, 2019 at 2:32 AM, <Breno Silva (mailto:breno.silva at gmail.com)> wrote:
>
>
>
> Hello all,
>
>
> I have an appliance where multiple interfaces are configured in bridge (ie. br0) mode. Trying to run suricata inline (nfq) on a bridged applicance sometimes doesn't work very well for and looks like it is a known issue for years. I cannot use afpacket/netmap or other "true" bridge approached. Must continue with nfqueue,
>
>
>
> Do we have any update on this topic? some solution?
>
> I heard Victor saying it is a netfilter issue, do we have any feedback from netfilter core team ?
>
>
>
> Thinking about the possibility to use ebtables with some nfqueue support. Should be possible ?
>
>
>
> Thanks
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190328/3af3e34d/attachment-0001.html>
More information about the Oisf-users
mailing list