On 5/17/2015 2:38 PM, Tom Eastep wrote: > > Two things: > > a) Shorewall policies only affect traffic that doesn't match any > preceding rule. > > b) By default, entries in the rules file only affect traffic in the NEW > state. So only the initial SYN packet would match the rule. Therefore, > if you want to use rules, you must place them in the ALL section of the > rules file. >
I also see in the Suricata documentation that it wants to see traffic in *both* directions. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
