On 5/18/2015 1:51 PM, AleCaste wrote:
> Hi Tom. By using the following rules:
>
> NFQUEUE(0) net $FW tcp 80,443 -
> NFQUEUE(0) $FW net tcp - 80,443
>
> ... It seems the http traffic is going through the firewall without being
> blocked although Suricata is not seeing it (http.log is always empty).
> I don't know if Shorewall is forwarding the traffic to the right queue. I
> found this link:
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux
>
> My /etc/default/suricata file is:
>
> RUN=yes
> RUN_AS_USER=
> SURCONF=/etc/suricata/suricata.yaml
> LISTENMODE=nfqueue
> IFACE=p1p1
> NFQUEUE=0
> TCMALLOC="YES"
> PIDFILE=/var/run/suricata.pid
>
> I just can't believe no-one has tried to use shorewall+suricata (in ips
> mode) before; I cannot find tips or guidelines anywhere.
> Could the reason why this is not working have anything to do with
> the --queue-bypass flag or something?
>

Please forward the output of 'shorewall dump'.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
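An added example, not part of the original thread and not Shorewall or Suricata code: a check of the two things the question turns on, whether the generated NFQUEUE rules are matching packets and whether any process is bound to queue 0. It parses `iptables-save -c` output and `/proc/net/netfilter/nfnetlink_queue`; the sample text, chain names and counters are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `iptables-save -c` output (chain names are assumed).
SAMPLE_RULES = """\
[0:0] -A net-fw -p tcp -m multiport --dports 80,443 -j NFQUEUE --queue-num 0
[1520:98211] -A fw-net -p tcp -m multiport --sports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
[37:2220] -A net-fw -p tcp --dport 22 -j ACCEPT
"""
# Constructed sample of /proc/net/netfilter/nfnetlink_queue: one line per
# bound queue, first column is the queue number, second the listener's port id.
SAMPLE_PROC = "    0  2571     0 2 65531     0     0      312  1\n"

RULE_RE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*-j NFQUEUE.*)$")

def nfqueue_rules(save_text):
    """Return every NFQUEUE rule with its packet counter, queue and bypass flag."""
    rules = []
    for line in save_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        num = re.search(r"--queue-num (\d+)", m.group(4))
        rules.append({
            "chain": m.group(3),
            "packets": int(m.group(1)),
            "queue": int(num.group(1)) if num else 0,  # NFQUEUE defaults to queue 0
            "bypass": "--queue-bypass" in m.group(4),
        })
    return rules

def bound_queues(proc_text):
    """Queue numbers that currently have a userspace listener attached."""
    return {int(l.split()[0]) for l in proc_text.splitlines() if l.split()}

def diagnose(save_text, proc_text, queue=0):
    """Classify each rule for `queue`: unmatched, unattended, or delivered."""
    bound = queue in bound_queues(proc_text)
    findings = []
    for r in nfqueue_rules(save_text):
        if r["queue"] != queue:
            continue
        if r["packets"] == 0:
            findings.append((r["chain"], "rule never matched"))
        elif not bound:
            # With no listener the kernel drops queued packets unless the
            # rule carries --queue-bypass, in which case they pass uninspected.
            fate = "passed uninspected" if r["bypass"] else "dropped"
            findings.append((r["chain"], "no listener: " + fate))
        else:
            findings.append((r["chain"], "queued to listener"))
    return findings
```

On a live firewall the two inputs would come from `iptables-save -c` and from reading `/proc/net/netfilter/nfnetlink_queue`, both as root.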
