[Oisf-users] Suricata NFQ in PREROUTING chain
Andreas Herz
aherz at oisf.net
Tue May 28 19:51:30 UTC 2019
Hi Paul,
On 28/05/19 at 09:06, Pavel Stepanov wrote:
> When I do
> iptables -t mangle -F ; iptables -t mangle -A FORWARD -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-num 0
> /var/log/suricata/tls.log and /var/log/suricata/http.log show all http and tls traffic normally.
> But when I do
> iptables -t mangle -F ; iptables -t mangle -A PREROUTING -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-num 0
> /var/log/suricata/tls.log and /var/log/suricata/http.log stop showing anything anymore.
Is this the whole iptables setup?
We also had a request similar to that at our redmine, see
https://redmine.openinfosecfoundation.org/issues/2742 where Victor also
mentioned that mangle table isn't meant for this purpose.
It might work but no guarantee.
--
Andreas Herz
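As an added example, not code from the thread or from the Suricata project: two small POSIX shell helpers around the point Andreas makes above. nfq_rules prints the NFQUEUE rule in the filter table's FORWARD chain (the placement that worked for Pavel, moved out of mangle), and audit_nfqueue scans an iptables-save dump and flags any NFQUEUE rule that sits outside the filter table, such as the mangle PREROUTING rule in the question. The queue number, the 0x1/0x1 bypass mark and the sample dumps are assumptions taken from Pavel's rules, not real captures.

```shell
#!/bin/sh
# Added example, not code from the thread or from Suricata.
#   nfq_rules      prints the iptables command(s) for a filter-table FORWARD setup
#   audit_nfqueue  scans an iptables-save dump and flags NFQUEUE rules in other tables
# QUEUE_NUM and BYPASS_MARK are assumed values, copied from the rule in the question.

QUEUE_NUM="${QUEUE_NUM:-0}"
BYPASS_MARK="${BYPASS_MARK:-0x1/0x1}"   # packets carrying this mark skip the queue

# Print the rules one per line so they can be reviewed first, then: nfq_rules | sh
# -I puts the rule at the top of FORWARD so an earlier ACCEPT cannot shadow it.
nfq_rules() {
    printf 'iptables -t filter -I FORWARD -m mark ! --mark %s -j NFQUEUE --queue-num %s\n' \
        "$BYPASS_MARK" "$QUEUE_NUM"
}

# Usage: audit_nfqueue <file produced by iptables-save>
# Prints every NFQUEUE rule that is not in the filter table; exits 1 if any
# were found, 0 otherwise. On a live box: iptables-save > dump && audit_nfqueue dump
audit_nfqueue() {
    awk '
        /^\*/ { table = substr($0, 2); next }          # "*mangle" -> current table
        /-j NFQUEUE/ && table != "filter" {
            # $2 is the chain name in an "-A CHAIN ..." line
            printf "table %s, chain %s: NFQUEUE rule outside the filter table: %s\n",
                   table, $2, $0
            bad++
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample dumps (not real captures) mirroring the two rule sets in the question.
SAMPLE_DIR="$(mktemp -d)"
cat > "$SAMPLE_DIR/mangle-prerouting.rules" <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A PREROUTING -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-num 0
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
cat > "$SAMPLE_DIR/filter-forward.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-num 0
COMMIT
EOF

for f in "$SAMPLE_DIR"/*.rules; do
    echo "== $f"
    if audit_nfqueue "$f"; then
        echo "ok: NFQUEUE rules only in the filter table"
    fi
done
```

The audit only looks at table placement; it does not tell you whether Suricata is actually bound to that queue number, so pair it with a look at suricata's own startup output for the -q option you run it with.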