Hi Tom.

By using the following rules:

    NFQUEUE(0) net $FW tcp 80,443 -
    NFQUEUE(0) $FW net tcp - 80,443

... It seems the http traffic is going through the firewall without being blocked although Suricata is not seeing it (http.log is always empty). I don't know if Shorewall is forwarding the traffic to the right queue.

I found this link: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux

My /etc/default/suricata file is:

    RUN=yes
    RUN_AS_USER=
    SURCONF=/etc/suricata/suricata.yaml
    LISTENMODE=nfqueue
    IFACE=p1p1
    NFQUEUE=0
    TCMALLOC="YES"
    PIDFILE=/var/run/suricata.pid

I just can't believe no-one has tried to use shorewall+suricata (in ips mode) before; I cannot find tips or guidelines anywhere.

Could the reason why this is not working have anything to do with the --queue-bypass flag or something?

Thanks a lot for your help Tom

-----Original Message-----
From: Tom Eastep
Sent: Monday, May 18, 2015 12:12 PM
To: [email protected]
Subject: Re: [Shorewall-users] Shorewall with Suricata in IPS mode

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
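One way to check the two things the message above is unsure about (whether anything is bound to queue 0, and whether the firewall rules are actually feeding it), added here as an example and not part of the original message or of Shorewall or Suricata. It reads the kernel's /proc/net/netfilter/nfnetlink_queue table; the helper names nfq_status and nfq_demo are hypothetical and the sample table is constructed. Without --queue-bypass the kernel drops packets sent to a queue that has no listener, and with it they are accepted uninspected.

```shell
#!/bin/sh
# Added example: report the state of one NFQUEUE queue from the kernel table.
#
# Columns of /proc/net/netfilter/nfnetlink_queue:
#   1 queue number   2 peer port id (the listener)   3 packets waiting
#   4 copy mode      5 copy range                    6 dropped, queue full
#   7 dropped, could not be sent to userspace
#   8 packet id counter (stays 0 until a packet is queued)
#   (newer kernels add a 9th column, ignored here)

# nfq_status QUEUE_NUM [FILE]   (hypothetical helper)
# Prints one of:
#   unbound                       nothing is listening on that queue
#   bound-idle portid=P           listener present, no packet ever queued
#   bound-active portid=P seq=S qdrop=Q udrop=U
nfq_status() {
    queue=$1
    file=${2:-/proc/net/netfilter/nfnetlink_queue}
    # The file is absent when the nfnetlink_queue module is not loaded.
    [ -r "$file" ] || { echo "unbound"; return 0; }
    awk -v q="$queue" '
        $1 == q {
            found = 1
            if ($8 == 0)
                printf "bound-idle portid=%s\n", $2
            else
                printf "bound-active portid=%s seq=%s qdrop=%s udrop=%s\n", $2, $8, $6, $7
        }
        END { if (!found) print "unbound" }
    ' "$file"
}

# Run nfq_status over a constructed sample table (not captured from a real host):
# queue 0 has a listener but was never fed, queue 1 is busy, queue 2 is unbound.
nfq_demo() {
    tmp=$(mktemp)
    printf '%s\n' \
        '    0   2131     0 2  1500     0     0        0  1' \
        '    1   2140     3 2  1500     0    12    48213  1' > "$tmp"
    for q in 0 1 2; do
        printf 'queue %s: %s\n' "$q" "$(nfq_status "$q" "$tmp")"
    done
    rm -f "$tmp"
}

nfq_demo
```

On a live firewall, run `nfq_status 0` with no file argument: "bound-idle" while web traffic is flowing means no packet has been queued to queue 0, so the rules are not matching; "unbound" means Suricata never attached to the queue.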
