Hello all,

We are using shorewall version 4.5.21.6 and we cannot make the firewall work with Suricata IPS (using nfqueue on queue number 0). If we set the policy (in policy file):

    net $FW ACCEPT

... then we can see that suricata receives traffic (http requests we are sending) and those requests are logged alright. But if we change the policy to:

    net $FW NFQUEUE(0)

... then suricata receives no traffic. We also tried to change the policy to:

    net $FW DROP

... and then add the rule (in rules file):

    NFQUEUE(0) net $FW tcp http,https

... but this configuration does not work either. What are we doing wrong? If there is a "net $FW NFQUEUE(0)" policy or a rule "NFQUEUE(0) net $FW tcp http,https"... why is it that http traffic is not being passed to suricata on queue 0 as we would expect?

Thanks a lot
Ale

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
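Shorewall compiles the policy and rules files into iptables chains, and iptables stops at the first terminating target in a chain, so a rule that already ACCEPTs or DROPs a packet ahead of the NFQUEUE rule keeps it from ever reaching the queue. The script below is an added check (not the poster's configuration, not Shorewall or Suricata code) that reads an iptables-save dump and reports every NFQUEUE target with its queue number, plus which terminating target a new TCP connection to a given port would hit first in a chain; it assumes awk is available, and SAMPLE, including the chain name net2fw, is constructed input in the shape Shorewall generates.

```shell
# Constructed sample dump; on a live host pass "$(iptables-save)" instead.
SAMPLE='*filter
-A INPUT -i eth0 -j net2fw
-A net2fw -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A net2fw -p tcp -m multiport --dports 80,443 -j ACCEPT
-A net2fw -p tcp -m multiport --dports 80,443 -j NFQUEUE --queue-num 0
-A net2fw -j DROP
COMMIT'

# list_nfqueue DUMP -> one "chain queue-num" line per NFQUEUE rule
list_nfqueue() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && /-j NFQUEUE/ {
            q = "0"   # queue 0 is what the kernel uses when --queue-num is absent
            for (i = 1; i <= NF; i++) if ($i == "--queue-num") q = $(i + 1)
            print $2, q
        }'
}

# first_terminal_target DUMP CHAIN DPORT -> the target (ACCEPT/DROP/REJECT/NFQUEUE)
# of the first rule in CHAIN that matches a NEW TCP packet to DPORT, or "none".
# Jumps to user chains are not followed; port ranges (80:90) are not expanded.
first_terminal_target() {
    printf '%s\n' "$1" | awk -v chain="$2" -v dport="$3" '
        $1 == "-A" && $2 == chain {
            hit = 1; tgt = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p" && $(i + 1) != "tcp") hit = 0
                if ($i == "--dport" || $i == "--dports") {
                    n = split($(i + 1), ports, ","); ok = 0
                    for (j = 1; j <= n; j++) if (ports[j] == dport) ok = 1
                    if (!ok) hit = 0
                }
                # a state match only applies to a new connection if NEW is listed
                if ($i == "--ctstate" && index($(i + 1), "NEW") == 0) hit = 0
                if ($i == "-j") tgt = $(i + 1)
            }
            if (hit && tgt ~ /^(ACCEPT|DROP|REJECT|NFQUEUE)$/) { print tgt; found = 1; exit }
        }
        END { if (!found) print "none" }'
}

list_nfqueue "$SAMPLE"                      # net2fw 0
first_terminal_target "$SAMPLE" net2fw 80   # ACCEPT: reached before the NFQUEUE rule
```

If the second call reports ACCEPT or DROP rather than NFQUEUE for port 80, the queue rule is never reached for that traffic, whatever queue number it names.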
