Hello Filippo. Wow... we thought it would be simpler than that. The main difference is that in our case the machine is not connected to any local network. It's isolated. We only have two zones: net (through the p1p1 interface) and $FW. So I guess your configuration would not work for us. Or am I wrong?

-----Original Message-----
From: Filippo Carletti
Sent: Tuesday, May 19, 2015 10:35 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] Shorewall with Suricata in IPS mode

I worked on suricata and shorewall with nfqueue on nethserver.
Suricata was segfaulting, so I reverted to snort, but I think that shorewall configuration is the same for both IDSs.

policy:
loc net ACCEPT:NFQBY
$FW net ACCEPT:NFQBY

rules:
?SECTION ESTABLISHED
# Enable NFQ for ESTABLISHED connections
NFQBY loc net
NFQBY net loc
NFQBY net fw
NFQBY fw net
?SECTION RELATED
# Enable NFQ for RELATED connections
NFQBY loc net
NFQBY net loc
NFQBY net fw
NFQBY fw net

Port forwards are like this:
DNAT- net 192.168.x.x:143 tcp 143 - -
NFQBY net loc tcp 143 - -

NFQBY is an action to bypass nfqueue if snort is down.
IPTABLES(NFQUEUE --queue-bypass)

I hope to find time to re-evaluate suricata, I'd like to hear about your experience.

--
Ciao,
Filippo

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
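
The NFQBY action in the quoted message wraps NFQUEUE --queue-bypass, which makes the queue fail open: when no IDS is bound to the queue, packets are accepted uninspected instead of being dropped. The following is an added example, not code from the thread or from Shorewall; it audits iptables-save output and reports which NFQUEUE rules fail open and which fail closed. The sample ruleset and the function name audit_nfqueue are constructed for illustration.

```python
import shlex

# Constructed iptables-save excerpt (not taken from the thread).
SAMPLE = """\
*filter
-A INPUT -i p1p1 -m conntrack --ctstate ESTABLISHED -j NFQUEUE --queue-num 0 --queue-bypass
-A OUTPUT -o p1p1 -j NFQUEUE --queue-num 0
-A FORWARD -j NFQUEUE --queue-balance 0:3 --queue-bypass
-A INPUT -i lo -j ACCEPT
COMMIT
"""


def audit_nfqueue(ruleset):
    """Return one dict per NFQUEUE rule: table, chain, queue and fail mode."""
    findings, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*filter"
            table = line[1:]
            continue
        if not line.startswith("-A "):    # skip COMMIT, counters, comments
            continue
        tok = shlex.split(line)
        if "-j" not in tok or tok.index("-j") + 1 >= len(tok):
            continue
        if tok[tok.index("-j") + 1] != "NFQUEUE":
            continue
        queue = "0"                       # NFQUEUE uses queue 0 when none is given
        for opt in ("--queue-num", "--queue-balance"):
            if opt in tok and tok.index(opt) + 1 < len(tok):
                queue = tok[tok.index(opt) + 1]
        # With --queue-bypass the rule accepts traffic when nothing listens
        # on the queue; without it the kernel drops the queued packets.
        bypass = "--queue-bypass" in tok
        findings.append({
            "table": table,
            "chain": tok[1],
            "queue": queue,
            "mode": "fail-open" if bypass else "fail-closed",
        })
    return findings


if __name__ == "__main__":
    for f in audit_nfqueue(SAMPLE):
        print("{table}/{chain} queue {queue}: {mode}".format(**f))
```

On a live firewall the input would be the output of iptables-save after shorewall start; any fail-open rule means traffic passes without inspection while the IDS process is down, so its liveness should be monitored separately.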
