On 7/13/21 11:59 AM, Nick Howitt wrote:
> Suricata is a Snort alternative. If it is anything like Snort, it can be
> configured to be inside or outside the firewall. In ClearOS, it is
> outside the firewall but I assume for other distros it is user configurable.
>

I am not clear what you mean by "inside" or "outside" the firewall.

Info from iptables:

-A INPUT -j NFQUEUE --queue-num 0 --queue-bypass
-A OUTPUT -j NFQUEUE --queue-num 0 --queue-bypass

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     122K   59M f2b-cgp-s  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587
2    1008K   79M f2b-cgp-i  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 143,993
3     173K   61M f2b-sri2t  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25,53
4     949K   67M f2b-sri-1  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
5     122K   59M f2b-assp1  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587
6      64M   46G NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0 bypass
7    1262K  518M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

fail2ban is started before suricata to assure they process packets before suricata.

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
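
A check for the rule order shown in the listing above, as an added example that is not part of the original message: it parses output in the format of `iptables -L INPUT -n -v --line-numbers` and reports any fail2ban (`f2b-*`) jump that sits after the first NFQUEUE rule. The first listing is the one from the message, the second is constructed, and the function names are hypothetical.

```python
import re

# Listing from the message above (whitespace condensed).
PAGE_LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 122K 59M f2b-cgp-s tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587
2 1008K 79M f2b-cgp-i tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 143,993
3 173K 61M f2b-sri2t tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,53
4 949K 67M f2b-sri-1 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
5 122K 59M f2b-assp1 tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587
6 64M 46G NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0 bypass
7 1262K 518M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
"""

# Constructed counter-example: the NFQUEUE rule sits above a fail2ban jump.
MISORDERED = """\
1 64M 46G NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0 bypass
2 122K 59M f2b-cgp-s tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587
"""

# Columns of a numbered rule line: num, pkts, bytes, target, ...
RULE = re.compile(r"^\s*(\d+)\s+\S+\s+\S+\s+(\S+)\s")

def rule_order(listing):
    """Return [(rule_number, target)] for every numbered rule line."""
    return [(int(m.group(1)), m.group(2))
            for m in map(RULE.match, listing.splitlines()) if m]

def f2b_after_nfqueue(listing):
    """Return fail2ban chains whose jump sits after the first NFQUEUE rule.

    NFQUEUE is a terminating target, so a jump placed after it is only
    evaluated for packets that did not match the NFQUEUE rule.
    """
    rules = rule_order(listing)
    queue_at = min((n for n, t in rules if t == "NFQUEUE"), default=None)
    if queue_at is None:
        return []
    return [t for n, t in rules if t.startswith("f2b-") and n > queue_at]

if __name__ == "__main__":
    for name, text in (("page", PAGE_LISTING), ("misordered", MISORDERED)):
        late = f2b_after_nfqueue(text)
        print(name, "OK" if not late else "f2b after NFQUEUE: " + ", ".join(late))
```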