[Oisf-users] Suricata IPS mode with AF_PACKET with multiple interfaces

Dihin LIN linzx11 at gmail.com
Thu Oct 24 13:05:53 UTC 2019


I want to deploy Suricata as an IPS in my VPC.
There are multiple network interfaces in my CVM. This CVM acts as a router
between several VPCs,
so it will forward other VPCs' traffic.
For example, I have three NICs: eth0, eth1 and eth2.
How do I configure the af_packet IPS?


af-packet:
  - interface: eth0
    threads: auto
    defrag: yes
    cluster-type: cluster_flow
    cluster-id: 99
    copy-mode: ips
    copy-iface: eth1
    buffer-size: 64535
    use-mmap: yes

  - interface: eth0
    threads: auto
    defrag: yes
    cluster-type: cluster_flow
    cluster-id: 98
    copy-mode: ips
    copy-iface: eth2
    buffer-size: 64535
    use-mmap: yes

  - interface: eth1
    threads: auto
    cluster-id: 97
    defrag: yes
    cluster-type: cluster_flow
    copy-mode: ips
    copy-iface: eth0
    buffer-size: 64535
    use-mmap: yes

  - interface: eth1
    threads: auto
    cluster-id: 96
    defrag: yes
    cluster-type: cluster_flow
    copy-mode: ips
    copy-iface: eth2
    buffer-size: 64535
    use-mmap: yes

  - interface: eth2
    threads: auto
    cluster-id: 95
    defrag: yes
    cluster-type: cluster_flow
    copy-mode: ips
    copy-iface: eth0
    buffer-size: 64535
    use-mmap: yes

  - interface: eth2
    threads: auto
    cluster-id: 94
    defrag: yes
    cluster-type: cluster_flow
    copy-mode: ips
    copy-iface: eth1
    buffer-size: 64535
    use-mmap: yes
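
Added example, not part of the original post or of Suricata's code: a small check that compares the `copy-mode: ips` entries above with the two-interface bridge layout shown in Suricata's documentation (one entry per interface, each pointing back at its peer, distinct `cluster-id` values). The function names, the minimal parser and the treatment of a repeated interface as a finding are assumptions of this example.

```python
import re
from collections import Counter

# (interface, copy-iface, cluster-id) for the six entries in the post above.
POSTED = [("eth0", "eth1", 99), ("eth0", "eth2", 98), ("eth1", "eth0", 97),
          ("eth1", "eth2", 96), ("eth2", "eth0", 95), ("eth2", "eth1", 94)]

def render(rows):
    """Build af-packet YAML text, keeping only the keys this check reads."""
    body = "".join(f"  - interface: {i}\n    cluster-id: {c}\n"
                   f"    copy-mode: ips\n    copy-iface: {p}\n" for i, p, c in rows)
    return "af-packet:\n" + body

def parse_af_packet(text):
    """Parse a flat list of 'key: value' mappings; '- ' starts a new entry."""
    entries = []
    for raw in text.splitlines():
        m = re.match(r"(-\s*)?([\w-]+):\s*(\S+)$", raw.split("#", 1)[0].strip())
        if not m:
            continue  # section header, blank line or comment
        if m.group(1):
            entries.append({})
        if entries:
            entries[-1][m.group(2)] = m.group(3)
    return entries

def lint(entries):
    """Compare copy-mode ips entries with the two-interface bridge layout."""
    ips = [e for e in entries if e.get("copy-mode") == "ips"]
    findings = []
    # Assumption of this example: the documented layout lists each interface once.
    for iface, n in Counter(e.get("interface", "?") for e in ips).items():
        if n > 1:
            findings.append(f"{iface}: listed {n} times, layout has one entry per interface")
    for cid, n in Counter(e.get("cluster-id") for e in ips).items():
        if n > 1:
            findings.append(f"cluster-id {cid}: shared by {n} entries")
    pairs = {(e.get("interface", "?"), e.get("copy-iface", "")) for e in ips}
    for src, dst in sorted(pairs):
        if (dst, src) not in pairs:
            findings.append(f"{src} -> {dst}: no reverse entry {dst} -> {src}")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_af_packet(render(POSTED))):
        print(finding)
```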